SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(IBM Issues Fix for IBM AIX) ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1035679
SecurityTracker URL:  http://securitytracker.com/id/1035679
CVE Reference:   CVE-2015-8704   (Links to External Site)
Date:  Apr 26 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.3.0 - 9.8.8, 9.9.0 - 9.9.8-P2, 9.9.3-S1 - 9.9.8-S3, 9.10.0 - 9.10.3-P2
Description:   A vulnerability was reported in ISC BIND. A remote authenticated user can cause the target service to crash.

A remote authenticated user can send specially crafted Address Prefix List (APL) data to trigger a buffer overflow and cause the target named service to crash.

The vulnerability resides in 'apl_42.c'.

Impact:   A remote authenticated user can cause the target 'named' service to crash.
Solution:   IBM has issued a fix for IBM AIX.

For 5.3.12: APAR IV81278
For 6.1.9: APAR IV81279
For 7.1.3: APAR IV81280
For 7.1.4: APAR IV81281
For 7.2.0: APAR IV81282

The IBM advisory is available at:

https://aix.software.ibm.com/aix/efixes/security/bind_advisory11.asc

Vendor URL:  aix.software.ibm.com/aix/efixes/security/bind_advisory11.asc (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (AIX)
Underlying OS Comments:  5.3, 6.1, 7.1, 7.2

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2016 ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC