CVE-2016-8864 - Reachable Assertion vulnerability in multiple products

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Summary
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2017-0034.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 96591
published: 2017-01-18
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/96591
title: OracleVM 3.2 : bind (OVMSA-2017-0034)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0034.
    #

    include("compat.inc");

    if (description)
    {
      script_id(96591);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/27 13:00:35");

      script_cve_id("CVE-2016-8864", "CVE-2016-9147");

      script_name(english:"OracleVM 3.2 : bind (OVMSA-2017-0034)");
      script_summary(english:"Checks the RPM output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
          "The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530)"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-January/000623.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0a34de07"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected bind-libs / bind-utils packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2");

      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

    flag = 0;
    if (rpm_check(release:"OVS3.2", reference:"bind-libs-9.3.6-25.P1.el5_11.12")) flag++;
    if (rpm_check(release:"OVS3.2", reference:"bind-utils-9.3.6-25.P1.el5_11.12")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind-libs / bind-utils");
    }

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-96B7F4F53E.NASL
description: Security fix for CVE-2017-3135 (unaffected), fixes regression made by CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-03-06
plugin id: 97536
published: 2017-03-06
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/97536
title: Fedora 25 : bind99 (2017-96b7f4f53e)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL35322517.NASL
description: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. (CVE-2016-8864)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 97154
published: 2017-02-15
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/97154
title: F5 Networks BIG-IP : BIND vulnerability (K35322517)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20161103_BIND_ON_SL7_X.NASL
description: Security Fix(es) : - A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)
last seen: 2020-03-18
modified: 2016-12-15
plugin id: 95834
published: 2016-12-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95834
title: Scientific Linux Security Update : bind on SL7.x x86_64 (20161103)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2016-2706-1.NASL
description: This update for bind fixes the following issues : - A defect in BIND
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94507
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94507
title: SUSE SLES11 Security Update : bind (SUSE-SU-2016:2706-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2016-2142.NASL
description: An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94503
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94503
title: RHEL 5 : bind97 (RHSA-2016:2142)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2016-1272.NASL
description: This update for bind fixes the following issues : - A defect in BIND
last seen: 2020-06-05
modified: 2016-11-08
plugin id: 94619
published: 2016-11-08
reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/94619
title: openSUSE Security Update : bind (openSUSE-2016-1272)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2016-2871.NASL
description: An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 95563
published: 2016-12-06
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95563
title: RHEL 6 : bind (RHSA-2016:2871)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2016-2696-1.NASL
description: This update for bind fixes the following security issue : - A defect in BIND
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94504
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94504
title: SUSE SLES12 Security Update : bind (SUSE-SU-2016:2696-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-8E39076950.NASL
description: Security fix for CVE-2016-6170 ---- Security fix for CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-11-25
plugin id: 95305
published: 2016-11-25
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95305
title: Fedora 23 : bind99 (2016-8e39076950)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-9417B4C1DC.NASL
description: Allow zone size limit (CVE-2016-6170) ---- Security fix for CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-11-17
plugin id: 94926
published: 2016-11-17
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94926
title: Fedora 24 : bind99 (2016-9417b4c1dc)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20161102_BIND97_ON_SL5_X.NASL
description: Security Fix(es) : - A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)
last seen: 2020-03-18
modified: 2016-11-04
plugin id: 94570
published: 2016-11-04
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94570
title: Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20161102)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2016-2142.NASL
description: From Red Hat Security Advisory 2016:2142 : An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94496
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94496
title: Oracle Linux 5 : bind97 (ELSA-2016-2142)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2016-0152.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2016-8864)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94497
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94497
title: OracleVM 3.3 / 3.4 : bind (OVMSA-2016-0152)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3795.NASL
description: It was discovered that a maliciously crafted query can cause ISC
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 97399
published: 2017-02-27
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/97399
title: Debian DSA-3795-1 : bind9 - security update

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2016-768.NASL
description: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94974
published: 2016-11-21
reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/94974
title: Amazon Linux AMI : bind (ALAS-2016-768)

NASL family: AIX Local Security Checks
NASL id: AIX_IV91255.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DNAME answer in db.c or resolver.c. By sending a recursive response, a remote attacker could exploit this vulnerability to trigger an assertion failure. ISC BIND is vulnerable to a denial of service. By sending a specially crafted DNS packet with malformed options, a remote attacker could exploit this vulnerability to trigger an assertion failure. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory14.nasl (plugin id 102126).
last seen: 2017-10-29
modified: 2017-08-03
plugin id: 95892
published: 2016-12-16
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=95892
title: AIX 7.1 TL 4 : bind (IV91255) (deprecated)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2017-0033.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 96590
published: 2017-01-18
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/96590
title: OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0033)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2017-0100.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - Fix DNSKEY that encountered a CNAME (#1447869, ISC change 3391)
  - Fix CVE-2017-3136 (ISC change 4575)
  - Fix CVE-2017-3137 (ISC change 4578)
  - Fix and test caching CNAME before DNAME (ISC change 4558)
  - Fix CVE-2016-9147 (ISC change 4510)
  - Fix regression introduced by CVE-2016-8864 (ISC change 4530)
  - Restore SELinux contexts before named restart
  - Use /lib or /lib64 only if directory in chroot already exists
  - Tighten NSS library pattern, escape chroot mount path
  - Fix (CVE-2016-8864)
  - Do not change lib permissions in chroot (#1321239)
  - Support WKS records in chroot (#1297562)
  - Do not include patch backup in docs (fixes #1325081 patch)
  - Backported relevant parts of [RT #39567] (#1259923)
  - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)
  - Fix multiple realms in nsupdate script like upstream (#1313286)
  - Fix multiple realm in nsupdate script (#1313286)
  - Use resolver-query-timeout high enough to recover all forwarders (#1325081)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 100090
published: 2017-05-10
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/100090
title: OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201701-26.NASL
description: The remote host is affected by the vulnerability described in GLSA-201701-26 (BIND: Denial of Service) A defect in BIND’s handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c. Impact : A remote attacker could send a specially crafted DNS request to the BIND resolver possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 96420
published: 2017-01-12
reporter: This script is Copyright (C) 2017 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/96420
title: GLSA-201701-26 : BIND: Denial of Service

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2016-2615.NASL
description: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94605
published: 2016-11-07
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94605
title: RHEL 7 : bind (RHSA-2016:2615)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2016-2142.NASL
description: An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94472
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94472
title: CentOS 5 : bind97 (CESA-2016:2142)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-696.NASL
description: Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial of service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily affects recursive resolvers. For Debian 7
last seen: 2020-03-17
modified: 2016-11-03
plugin id: 94477
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94477
title: Debian DLA-696-1 : bind9 security update

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3703.NASL
description: Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily affects recursive resolvers.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94478
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94478
title: Debian DSA-3703-1 : bind9 - security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-E38196B52A.NASL
description: Security fix for CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-11-14
plugin id: 94749
published: 2016-11-14
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94749
title: Fedora 24 : 32:bind (2016-e38196b52a)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-46137973BA.NASL
description: Security fix for CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-11-21
plugin id: 95000
published: 2016-11-21
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95000
title: Fedora 25 : 32:bind (2016-46137973ba)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-D0C9BF9508.NASL
description: Security fix for CVE-2017-3135 (unaffected), fixes regression made by CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2017-03-06
plugin id: 97541
published: 2017-03-06
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/97541
title: Fedora 24 : bind99 (2017-d0c9bf9508)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2016-2615.NASL
description: From Red Hat Security Advisory 2016:2615 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94727
published: 2016-11-11
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94727
title: Oracle Linux 7 : bind (ELSA-2016-2615)

NASL family: AIX Local Security Checks
NASL id: AIX_IV91256.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DNAME answer in db.c or resolver.c. By sending a recursive response, a remote attacker could exploit this vulnerability to trigger an assertion failure. ISC BIND is vulnerable to a denial of service. By sending a specially crafted DNS packet with malformed options, a remote attacker could exploit this vulnerability to trigger an assertion failure. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory14.nasl (plugin id 102126).
last seen: 2017-10-29
modified: 2017-08-03
plugin id: 96153
published: 2016-12-28
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=96153
title: AIX 7.2 TL 0 : bind (IV91256) (deprecated)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2016-308-02.NASL
description: New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94517
published: 2016-11-04
reporter: This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/94517
title: Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2016-308-02)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2016-2697-1.NASL
description: This update for bind fixes the following issues : - A defect in BIND
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94505
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94505
title: SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:2697-1)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2016-1079.NASL
description: According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-06
modified: 2017-05-01
plugin id: 99839
published: 2017-05-01
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/99839
title: EulerOS 2.0 SP1 : bind (EulerOS-SA-2016-1079)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2016-2141.NASL
description: An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94502
published: 2016-11-03
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94502
title: RHEL 5 / 6 : bind (RHSA-2016:2141)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2020-0021.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
last seen: 2020-06-10
modified: 2020-06-05
plugin id: 137170
published: 2020-06-05
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/137170
title: OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)

NASL family: AIX Local Security Checks
NASL id: AIX_IV91257.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DNAME answer in db.c or resolver.c. By sending a recursive response, a remote attacker could exploit this vulnerability to trigger an assertion failure. ISC BIND is vulnerable to a denial of service. By sending a specially crafted DNS packet with malformed options, a remote attacker could exploit this vulnerability to trigger an assertion failure. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory14.nasl (plugin id 102126).
last seen: 2017-10-29
modified: 2017-08-03
plugin id: 96154
published: 2016-12-28
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=96154
title: AIX 7.2 TL 1 : bind (IV91257) (deprecated)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-605FD98C32.NASL
description: Security fix for CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-11-29
plugin id: 95376
published: 2016-11-29
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95376
title: Fedora 23 : 32:bind (2016-605fd98c32)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2016-2615.NASL
description: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 95354
published: 2016-11-28
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95354
title: CentOS 7 : bind (CESA-2016:2615)

NASL family: AIX Local Security Checks
NASL id: AIX_IV91214.NASL
description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DNAME answer in db.c or resolver.c. By sending a recursive response, a remote attacker could exploit this vulnerability to trigger an assertion failure. ISC BIND is vulnerable to a denial of service. By sending a specially crafted DNS packet with malformed options, a remote attacker could exploit this vulnerability to trigger an assertion failure. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory14.nasl (plugin id 102126).
last seen 2017-10-29 modified 2017-08-03 plugin id 95890 published 2016-12-16 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=95890 title AIX 7.1 TL 3 : bind (IV91214) (deprecated) NASL family AIX Local Security Checks NASL id AIX_IV91254.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DNAME answer in db.c or resolver.c. By sending a recursive response, a remote attacker could exploit this vulnerability to trigger an assertion failure. ISC BIND is vulnerable to a denial of service. By sending a specially crafted DNS packet with malformed options, a remote attacker could exploit this vulnerability to trigger an assertion failure. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory14.nasl (plugin id 102126). last seen 2017-10-29 modified 2017-08-03 plugin id 95891 published 2016-12-16 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=95891 title AIX 6.1 TL 9 : bind (IV91254) (deprecated) NASL family AIX Local Security Checks NASL id AIX_IV91253.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864 ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DNAME answer in db.c or resolver.c. By sending a recursive response, a remote attacker could exploit this vulnerability to trigger an assertion failure. ISC BIND is vulnerable to a denial of service. By sending a specially crafted DNS packet with malformed options, a remote attacker could exploit this vulnerability to trigger an assertion failure. 
This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory14.nasl (plugin id 102126). last seen 2017-10-29 modified 2017-08-03 plugin id 96152 published 2016-12-28 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=96152 title AIX 5.3 TL 12 : bind (IV91253) (deprecated) NASL family DNS NASL id BIND9_CVE-2016-8864.NASL description According to its self-reported version number, the instance of ISC BIND 9 running on the remote name server is affected by a denial of service vulnerability due to improper handling of a recursive response containing a DNAME record in the answer section. An unauthenticated, remote attacker can exploit this to cause an assertion failure and daemon exit. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 94577 published 2016-11-04 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94577 title ISC BIND 9 Recursive Response DNAME Record Handling DoS NASL family Fedora Local Security Checks NASL id FEDORA_2016-567A5591E4.NASL description Security fix for CVE-2016-6170 ---- Security fix for CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-21 plugin id 95003 published 2016-11-21 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/95003 title Fedora 25 : bind99 (2016-567a5591e4) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-1583.NASL description An update for bind is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) * A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131) * A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) * A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444) * A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137) Red Hat would like to thank ISC for reporting these issues. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters of CVE-2016-8864. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. 
Maintaining an up-to-date KSK is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459648) last seen 2020-06-01 modified 2020-06-02 plugin id 101100 published 2017-06-29 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101100 title RHEL 7 : bind (RHSA-2017:1583) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3119-1.NASL description Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 94468 published 2016-11-02 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94468 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : bind9 vulnerability (USN-3119-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0B8D01A4A0D211E69CA2D050996490D0.NASL description ISC reports : A defect in BIND last seen 2020-06-01 modified 2020-06-02 plugin id 94491 published 2016-11-03 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/94491 title FreeBSD : BIND -- Remote Denial of Service vulnerability (0b8d01a4-a0d2-11e6-9ca2-d050996490d0) NASL family AIX Local Security Checks NASL id AIX_BIND_ADVISORY14.NASL description The version of bind installed on the remote AIX host is affected by the following vulnerabilities : - A denial of service vulnerability exists when handling malformed options sections. An unauthenticated, remote attacker can exploit this, via a specially crafted OPT resource record, to cause an assertion failure, resulting in a daemon exit. (CVE-2016-2848) - A denial of service vulnerability exists due to improper handling of a recursive response containing a DNAME record in the answer section. An unauthenticated, remote attacker can exploit this to cause an assertion failure and daemon exit. (CVE-2016-8864) last seen 2020-06-01 modified 2020-06-02 plugin id 102126 published 2017-08-03 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102126 title AIX bind Advisory : bind_advisory14.asc (IV91214) (IV91253) (IV91254) (IV91255) (IV91256) (IV91257) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1273.NASL description This update for bind fixes the following issues : - A defect in BIND last seen 2020-06-05 modified 2016-11-08 plugin id 94620 published 2016-11-08 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94620 title openSUSE Security Update : bind (openSUSE-2016-1273) NASL family Scientific Linux Local Security Checks NASL id SL_20161102_BIND_ON_SL5_X.NASL description Security Fix(es) : - A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. 
(CVE-2016-8864) last seen 2020-03-18 modified 2016-11-04 plugin id 94571 published 2016-11-04 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94571 title Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20161102) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2141.NASL description From Red Hat Security Advisory 2016:2141 : An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters. last seen 2020-06-01 modified 2020-06-02 plugin id 94495 published 2016-11-03 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/94495 title Oracle Linux 5 / 6 : bind (ELSA-2016-2141) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0153.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2016-8864) last seen 2020-06-01 modified 2020-06-02 plugin id 94498 published 2016-11-03 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94498 title OracleVM 3.2 : bind (OVMSA-2016-0153) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2141.NASL description An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters. last seen 2020-06-01 modified 2020-06-02 plugin id 94471 published 2016-11-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/94471 title CentOS 5 / 6 : bind (CESA-2016:2141) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1433.NASL description According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776) - A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. (CVE-2016-1285) - A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) - A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477) - A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. (CVE-2014-0591) - A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. 
A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. (CVE-2015-5722) - It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the last seen 2020-06-01 modified 2020-06-02 plugin id 124936 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124936 title EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)
References
- https://kb.isc.org/article/AA-01434
- http://www.securityfocus.com/bid/94067
- https://kb.isc.org/article/AA-01438
- https://kb.isc.org/article/AA-01437
- https://kb.isc.org/article/AA-01436
- https://kb.isc.org/article/AA-01435
- http://www.debian.org/security/2016/dsa-3703
- http://rhn.redhat.com/errata/RHSA-2016-2871.html
- http://rhn.redhat.com/errata/RHSA-2016-2615.html
- https://security.gentoo.org/glsa/201701-26
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687
- http://www.securitytracker.com/id/1037156
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:34.bind.asc
- https://access.redhat.com/errata/RHSA-2017:1583
- http://rhn.redhat.com/errata/RHSA-2016-2142.html
- http://rhn.redhat.com/errata/RHSA-2016-2141.html
- https://security.netapp.com/advisory/ntap-20180926-0005/