CVE-2015-5722

HIGH

Description

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

References

http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html

http://marc.info/?l=bugtraq&m=144294073801304&w=2

http://rhn.redhat.com/errata/RHSA-2015-1705.html

http://rhn.redhat.com/errata/RHSA-2015-1706.html

http://rhn.redhat.com/errata/RHSA-2015-1707.html

http://rhn.redhat.com/errata/RHSA-2016-0078.html

http://rhn.redhat.com/errata/RHSA-2016-0079.html

http://www.debian.org/security/2015/dsa-3350

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/76605

http://www.securitytracker.com/id/1033452

http://www.ubuntu.com/usn/USN-2728-1

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918

https://kb.isc.org/article/AA-01287

https://kb.isc.org/article/AA-01305

https://kb.isc.org/article/AA-01306

https://kb.isc.org/article/AA-01307

https://kb.isc.org/article/AA-01438

https://kc.mcafee.com/corporate/index?page=content&id=SB10134

https://security.gentoo.org/glsa/201510-01

https://security.netapp.com/advisory/ntap-20190730-0001/

https://support.apple.com/HT205376

Details

Source: MITRE

Published: 2015-09-05

Updated: 2016-12-31

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:* versions up to 9.9.7 (inclusive)

cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:* versions up to 9.10.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*

Tenable Plugins

View all (47 total)

IDNameProductFamilySeverity
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
critical
124936EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)NessusHuawei Local Security Checks
medium
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
critical
9866ISC BIND 9.x < 9.9.7-P3 / 9.9.8 / 9.9.8-S1 / 9.9.8rc1 / 9.9.9-S3 / 9.10.2-P4 / 9.10.3 / 9.10.3rc1 Multiple DoSNessus Network MonitorDNS Servers
high
91739OracleVM 3.2 : bind (OVMSA-2016-0055)NessusOracleVM Local Security Checks
high
88994AIX 7.1 TL 3 : bos.net.tcp.client (U867672)NessusAIX Local Security Checks
high
88814F5 Networks BIG-IP : BIND vulnerability (K17181)NessusF5 Networks Local Security Checks
high
88480RHEL 6 : bind (RHSA-2016:0079)NessusRed Hat Local Security Checks
high
88479RHEL 6 : bind (RHSA-2016:0078)NessusRed Hat Local Security Checks
high
88178SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1)NessusSuSE Local Security Checks
high
87184AIX 6.1 TL 9 : bos.net.tcp.client (U861500)NessusAIX Local Security Checks
high
86769AIX 6.1 TL 8 : bind (IV78096)NessusAIX Local Security Checks
high
86768AIX 7.1 TL 3 : bind (IV78095)NessusAIX Local Security Checks
high
86767AIX 7.1 TL 2 : bind (IV78094)NessusAIX Local Security Checks
high
86766AIX 5.3 TL 12 : bind (IV78092)NessusAIX Local Security Checks
high
86765AIX 6.1 TL 9 : bind (IV78091)NessusAIX Local Security Checks
high
86604Mac OS X : OS X Server < 5.0.15 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
medium
86505CentOS 5 : bind97 (CESA-2015:1707)NessusCentOS Local Security Checks
high
86504CentOS 5 : bind (CESA-2015:1706)NessusCentOS Local Security Checks
high
86503CentOS 6 / 7 : bind (CESA-2015:1705)NessusCentOS Local Security Checks
high
86435GLSA-201510-01 : BIND: Denial of ServiceNessusGentoo Local Security Checks
high
86259Fedora 21 : bind-9.9.6-11.P1.fc21 (2015-15061)NessusFedora Local Security Checks
high
86129Fedora 22 : bind99-9.9.7-7.P3.fc22 (2015-14958)NessusFedora Local Security Checks
high
86093openSUSE Security Update : bind (openSUSE-2015-600)NessusSuSE Local Security Checks
high
85972RHEL 5 : bind97 (RHSA-2015:1707)NessusRed Hat Local Security Checks
high
85971RHEL 5 : bind (RHSA-2015:1706)NessusRed Hat Local Security Checks
high
85970RHEL 6 / 7 : bind (RHSA-2015:1705)NessusRed Hat Local Security Checks
high
85896ISC BIND 9.0.x < 9.9.7-P3 / 9.10.x < 9.10.2-P4 Multiple DoSNessusDNS
high
85892Fedora 22 : bind-9.10.2-5.P4.fc22 (2015-15041)NessusFedora Local Security Checks
high
85888Debian DLA-308-1 : bind9 security updateNessusDebian Local Security Checks
high
85841SUSE SLES11 Security Update : bind (SUSE-SU-2015:1496-1)NessusSuSE Local Security Checks
high
85832Fedora 23 : bind-9.10.3-0.1.rc1.fc23 / bind-dyndb-ldap-8.0-3.fc23 / dnsperf-2.0.0.0-18.fc23 (2015-15062)NessusFedora Local Security Checks
high
85831Fedora 23 : bind99-9.9.7-7.P3.fc23 (2015-14954)NessusFedora Local Security Checks
high
85794SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:1481-1)NessusSuSE Local Security Checks
high
85793SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:1480-1)NessusSuSE Local Security Checks
high
85787Scientific Linux Security Update : bind on SL6.x, SL7.x i386/x86_64 (20150903)NessusScientific Linux Local Security Checks
high
85786Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20150903)NessusScientific Linux Local Security Checks
high
85785Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20150903)NessusScientific Linux Local Security Checks
high
85783OracleVM 3.3 : bind (OVMSA-2015-0119)NessusOracleVM Local Security Checks
high
85779Oracle Linux 5 : bind97 (ELSA-2015-1707)NessusOracle Linux Local Security Checks
high
85778Oracle Linux 5 : bind (ELSA-2015-1706)NessusOracle Linux Local Security Checks
high
85777Oracle Linux 6 / 7 : bind (ELSA-2015-1705)NessusOracle Linux Local Security Checks
high
85776FreeBSD : bind -- denial of service vulnerability (eaf3b255-5245-11e5-9ad8-14dae9d210b8)NessusFreeBSD Local Security Checks
high
85765Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : bind9 vulnerability (USN-2728-1)NessusUbuntu Local Security Checks
high
85756Debian DSA-3350-1 : bind9 - security updateNessusDebian Local Security Checks
high
85752Amazon Linux AMI : bind (ALAS-2015-594)NessusAmazon Linux Local Security Checks
high
85746Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2015-245-01)NessusSlackware Local Security Checks
high