SB2015101802 - Gentoo update for BIND

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015101802

SB2015101802 - Gentoo update for BIND

Published: October 18, 2015 Updated: September 25, 2016

Security Bulletin ID SB2015101802
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2015-1349)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.


2) Input validation error (CVE-ID: CVE-2015-4620)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.


3) Data Handling (CVE-ID: CVE-2015-5477)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.


4) Input validation error (CVE-ID: CVE-2015-5722)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.


5) Input validation error (CVE-ID: CVE-2015-5986)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.


Remediation

Install update from vendor's website.

References