Vulnerability Description
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ISC | BIND | >= 9.0.0, < 9.9.8 |
| SUSE | Linux Enterprise Debuginfo | 11 |
| SUSE | Manager | 2.1 |
| SUSE | Manager Proxy | 2.1 |
| SUSE | OpenStack Cloud | 5 |
| openSUSE | Leap | 42.1 |
| openSUSE | openSUSE | 11.4 |
| SUSE | Linux Enterprise Desktop | 11 |
| SUSE | Linux Enterprise Server | 11 |
| SUSE | Linux Enterprise Software Development Kit | 11 |
| Fedora Project | Fedora | 22 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 7.0 |
| Juniper | Junos | 12.1x46 |
| Juniper | vSRX | - |
| Juniper | SRX100 | - |
| Juniper | SRX110 | - |
| Juniper | SRX1400 | - |
| Juniper | SRX1500 | - |
| Juniper | SRX1600 | - |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html (Mailing List)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html (Mailing List)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html (Mailing List)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html (Mailing List)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html (Mailing List)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html (Mailing List)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html (Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=146191105921542&w=2 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2016-1285?
CVE-2016-1285 is a vulnerability with a CVSS score of 6.8 (MEDIUM). named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (...
How severe is CVE-2016-1285?
CVE-2016-1285 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1285?
Check the references section above for vendor advisories and patch information. Affected products include: ISC BIND, SUSE Linux Enterprise Debuginfo, SUSE Manager, SUSE Manager Proxy, SUSE OpenStack Cloud.