Vulnerability Description
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Hp-Ux | b.11.31 |
| Isc | Bind | >= 9.0, <= 9.9.8 |
| Fedoraproject | Fedora | 23 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 7.2 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 7.2 |
| Redhat | Enterprise Linux Server Tus | 7.2 |
| Redhat | Enterprise Linux Workstation | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92037Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1036360Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2017:0651Third Party Advisory
- https://access.redhat.com/errata/RHBA-2017:1767Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2533Third Party Advisory
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cPatchVendor Advisory
- https://kb.isc.org/article/AA-01393/74/CVE-2016-2775PatchVendor Advisory
- https://kb.isc.org/article/AA-01435Broken Link
- https://kb.isc.org/article/AA-01436Broken Link
- https://kb.isc.org/article/AA-01438Broken Link
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/201610-07Third Party Advisory
FAQ
What is CVE-2016-2775?
CVE-2016-2775 is a vulnerability with a CVSS score of 5.9 (MEDIUM). ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash)...
How severe is CVE-2016-2775?
CVE-2016-2775 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2775?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Hp-Ux, Isc Bind, Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.