CVE-2016-1286 — HIGH (8.6) — White Hats Nepal

Q: How severe is CVE-2016-1286?

CVE-2016-1286 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-1286?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind, Suse Linux Enterprise Debuginfo, Suse Manager, Suse Manager Proxy, Suse Openstack Cloud.

Vulnerability Description

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Isc	Bind	>= 9.0.0, < 9.9.8
Suse	Linux Enterprise Debuginfo	11
Suse	Manager	2.1
Suse	Manager Proxy	2.1
Suse	Openstack Cloud	5
Opensuse	Leap	42.1
Opensuse	Opensuse	11.4
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Fedoraproject	Fedora	22
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	7.0
Juniper	Junos	12.1x46
Juniper	Vsrx	-
Juniper	Srx100	-
Juniper	Srx110	-
Juniper	Srx1400	-
Juniper	Srx1500	-
Juniper	Srx1600	-

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=146191105921542&w=2Issue TrackingThird Party Advisory

FAQ

What is CVE-2016-1286?

CVE-2016-1286 is a vulnerability with a CVSS score of 8.6 (HIGH). named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME re...

How severe is CVE-2016-1286?

CVE-2016-1286 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1286?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind, Suse Linux Enterprise Debuginfo, Suse Manager, Suse Manager Proxy, Suse Openstack Cloud.