Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1035302
SecurityTracker URL:  http://securitytracker.com/id/1035302
CVE Reference:   CVE-2016-1285   (Links to External Site)
Date:  Mar 16 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.2.0 - 9.8.8, 9.9.0 - 9.9.8-P3, 9.9.3-S1 - 9.9.8-S5, 9.10.0 - 9.10.3-P3
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

A remote user on a system specified in the 'named.conf' controls address list can send a specially crafted packet to the target rndc control channel to trigger a parsing error in 'sexpr.c' or 'alist.c' and cause denial of service conditions for clients.

Systems that accept remote commands on the control channel are affected.
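
Whether a server is exposed depends on the `controls` statement in 'named.conf'. The following added example (not part of the advisory or of BIND) lists the rndc channels that listen on a non-loopback address and allow non-local sources. The sample configuration is constructed and the function names are hypothetical; named ACLs and negated entries are conservatively treated as remote.

```python
import ipaddress
import re

# Constructed named.conf fragment for the demonstration (not from the advisory).
SAMPLE_CONF = '''
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };
    // inet 10.0.0.1 allow { any; };   commented out, must be ignored
    inet 192.0.2.53 port 953 allow { 192.0.2.0/24; 127.0.0.1; } keys { "rndc-key"; };
    inet * allow { any; } keys { "rndc-key"; };
};
'''
INET_RE = re.compile(r'\binet\s+(\S+)(?:\s+port\s+\S+)?\s+allow\s*\{([^}]*)\}')

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def controls_bodies(text):
    """Yield the body of every controls { ... } statement, matching braces."""
    for m in re.finditer(r'\bcontrols\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def is_local(token):
    """True for elements that only match the server itself."""
    if token in ('localhost', 'none'):
        return True
    try:
        return ipaddress.ip_network(token, strict=False).is_loopback
    except ValueError:
        return False  # "any", "*", named ACLs, negations: assume remote

def remote_control_channels(conf_text):
    """List (listen_address, non_local_allow_entries) for reachable channels."""
    findings = []
    for body in controls_bodies(strip_comments(conf_text)):
        for addr, allow in INET_RE.findall(body):
            remote = [e.strip() for e in allow.split(';')
                      if e.strip() and not is_local(e.strip())]
            if remote and not is_local(addr):
                findings.append((addr, remote))
    return findings

if __name__ == '__main__':
    for addr, remote in remote_control_channels(SAMPLE_CONF):
        print(f'rndc channel on {addr} accepts commands from: {", ".join(remote)}')
```

An empty result means every configured control channel is limited to the local host; any entry returned is a channel to restrict or to prioritise for the update.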

Impact:   A remote user can cause denial of service conditions on the target service.
Solution:   CentOS has issued a fix.

Cause:   Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Mar 10 2016 BIND Input Validation Flaw in Control Channel Lets Remote Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0459 Important CentOS 5 bind Security Update


CentOS Errata and Security Advisory 2016:0459 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0459.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS
