National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2016-1285 Detail

Current Description

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Source:  MITRE      Last Modified:  06/16/2016      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2016-1285
Original release date:
03/09/2016
Last revised:
11/20/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score:
6.8 Medium
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H (legend)
Impact Score:
4.0
Exploitability Score:
2.2
CVSS Version 3 Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High
CVSS Severity (version 2.0):
CVSS v2 Base Score:
4.3 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html External Source FEDORA FEDORA-2016-364c0a9df4
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html External Source FEDORA FEDORA-2016-161b73fc2c
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html External Source FEDORA FEDORA-2016-b593e84223
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html External Source FEDORA FEDORA-2016-5047abe4a9
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html External Source FEDORA FEDORA-2016-75f31fbb0a
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html External Source FEDORA FEDORA-2016-dce6dbe6a8
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html External Source SUSE SUSE-SU-2016:0759
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html External Source SUSE SUSE-SU-2016:0780
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html External Source SUSE SUSE-SU-2016:0825
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html External Source SUSE openSUSE-SU-2016:0827
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html External Source SUSE openSUSE-SU-2016:0830
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html External Source SUSE openSUSE-SU-2016:0834
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html External Source SUSE openSUSE-SU-2016:0859
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html Third Party Advisory External Source SUSE SUSE-SU-2016:1541
http://marc.info/?l=bugtraq&m=146191105921542&w=2 Third Party Advisory External Source HP SSRT110084
http://rhn.redhat.com/errata/RHSA-2016-0562.html External Source REDHAT RHSA-2016:0562
http://rhn.redhat.com/errata/RHSA-2016-0601.html External Source REDHAT RHSA-2016:0601
http://www.debian.org/security/2016/dsa-3511 External Source DEBIAN DSA-3511
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securitytracker.com/id/1035236 External Source SECTRACK 1035236
http://www.ubuntu.com/usn/USN-2925-1 External Source UBUNTU USN-2925-1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821 Third Party Advisory External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
https://kb.isc.org/article/AA-01352 Vendor Advisory External Source CONFIRM https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01380 Release Notes External Source CONFIRM https://kb.isc.org/article/AA-01380
https://kb.isc.org/article/AA-01438 External Source CONFIRM https://kb.isc.org/article/AA-01438
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc External Source FREEBSD FreeBSD-SA-16:13
https://security.gentoo.org/glsa/201610-07 External Source GENTOO GLSA-201610-07

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_manager_proxy:2.1:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.9:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:b3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:b4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.1:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.3:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.3:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.5:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.5:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.6:*:*:*:*:*:*:*
Showing 100 of 333 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 20 change records found - show changes