SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1035236
SecurityTracker URL:  http://securitytracker.com/id/1035236
CVE Reference:   CVE-2016-1285
Date:  Mar 10 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.2.0 - 9.8.8, 9.9.0 - 9.9.8-P3, 9.9.3-S1 - 9.9.8-S5, 9.10.0 - 9.10.3-P3
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user on a system specified in the 'named.conf' controls address list can send a specially crafted packet to the target rndc control channel to trigger a parsing error in 'sexpr.c' or 'alist.c' and cause denial of service conditions for clients.

Systems that accept remote commands on the control channel are affected.
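
An added example (not part of the SecurityTracker or ISC advisory): a Python check that reads a 'named.conf' and lists the rndc control channels reachable from non-local systems, which are the ones this alert describes as affected. The sample configuration, the function names, and the choice to treat unrecognised ACL names as remote-capable are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample named.conf fragment (not taken from the advisory).
SAMPLE_CONF = '''
options { directory "/var/named"; };
controls {
    // management network
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    inet * port 953 allow { 10.0.0.0/8; 192.0.2.15; } keys { "rndc-key"; };
    inet ::1 allow { localhost; };
};
'''

INET_RE = re.compile(r'inet\s+(\S+)(?:\s+port\s+\S+)?\s+allow\s*\{([^}]*)\}')
CONTROLS_RE = re.compile(r'\bcontrols\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def strip_comments(text):
    """Remove /* */, // and # comments before matching statements."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(?://|#)[^\n]*', '', text)

def is_local(token):
    """True if a listen address or allow entry covers only this host."""
    if token in ('localhost', 'none'):  # built-in ACLs: own addresses / nobody
        return True
    try:
        return ipaddress.ip_network(token, strict=False).is_loopback
    except ValueError:
        return False  # '*', any, localnets, named ACLs: assume remote-capable

def remote_control_channels(conf_text):
    """Return (listen_address, [remote allow entries]) for every inet
    control channel that a non-local system is permitted to reach."""
    findings = []
    conf = strip_comments(conf_text)
    for block in CONTROLS_RE.finditer(conf):
        for listen, allow in INET_RE.findall(block.group(1)):
            entries = [e.strip() for e in allow.split(';') if e.strip()]
            # Negated entries ("!addr") only deny, so they are not exposure.
            remote = [e for e in entries if not e.startswith('!') and not is_local(e)]
            if remote and not is_local(listen):
                findings.append((listen, remote))
    return findings

if __name__ == '__main__':
    for listen, remote in remote_control_channels(SAMPLE_CONF):
        print(f'control channel on {listen} accepts commands from: {", ".join(remote)}')
```

A channel is reported only when both its listen address and at least one allow entry are non-local; hosts with findings are the ones to prioritise for the fixed releases listed under Solution.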

Impact:   A remote user can cause denial of service conditions on the target service.
Solution:   The vendor has issued a fix (9.9.8-P4, 9.10.3-P4).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-01352

Vendor URL:  kb.isc.org/article/AA-01352
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 10 2016 (Ubuntu Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
Mar 10 2016 (FreeBSD Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
FreeBSD has issued a fix for FreeBSD 9.3.
Mar 16 2016 (Red Hat Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Mar 16 2016 (Red Hat Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 5, 6, and 7.
Mar 16 2016 (CentOS Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
CentOS has issued a fix for CentOS 5, 6, and 7.
Mar 17 2016 (Oracle Issues Fix for Oracle Linux) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 5, 6, and 7.
Apr 1 2016 (Red Hat Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4, 6.5, and 6.6.
Apr 6 2016 (Red Hat Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.2.
Apr 29 2016 (HPE Issues Fix for HP-UX) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
HPE has issued a fix for HP-UX 11.31.
Jun 18 2016 (IBM Issues Fix for IBM AIX) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Nov 11 2016 (Oracle Issues Fix for Oracle Linux) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
Oracle has issued a fix for Oracle Linux 7.




Copyright 2019, SecurityGlobal.net LLC