CVE-2015-5722

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

References

http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html

http://marc.info/?l=bugtraq&m=144294073801304&w=2

http://rhn.redhat.com/errata/RHSA-2015-1705.html

http://rhn.redhat.com/errata/RHSA-2015-1706.html

http://rhn.redhat.com/errata/RHSA-2015-1707.html

http://rhn.redhat.com/errata/RHSA-2016-0078.html

http://rhn.redhat.com/errata/RHSA-2016-0079.html

http://www.debian.org/security/2015/dsa-3350

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/76605

http://www.securitytracker.com/id/1033452

http://www.ubuntu.com/usn/USN-2728-1

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918

https://kb.isc.org/article/AA-01287

https://kb.isc.org/article/AA-01305

https://kb.isc.org/article/AA-01306

https://kb.isc.org/article/AA-01307

https://kb.isc.org/article/AA-01438

https://kc.mcafee.com/corporate/index?page=content&id=SB10134

https://security.gentoo.org/glsa/201510-01

https://security.netapp.com/advisory/ntap-20190730-0001/

https://support.apple.com/HT205376

Details

Source: MITRE

Published: 2015-09-05

Updated: 2016-12-31

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:* versions up to 9.9.7 (inclusive)

cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:* versions up to 9.10.2 (inclusive)

Configuration 2

OR

cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*

Tenable Plugins

View all (47 total)

IDNameProductFamilySeverity
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
124936EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)NessusHuawei Local Security Checks
medium
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
high
9866ISC BIND 9.x < 9.9.7-P3 / 9.9.8 / 9.9.8-S1 / 9.9.8rc1 / 9.9.9-S3 / 9.10.2-P4 / 9.10.3 / 9.10.3rc1 Multiple DoSNessus Network MonitorDNS Servers
high
91739OracleVM 3.2 : bind (OVMSA-2016-0055)NessusOracleVM Local Security Checks
high
88994AIX 7.1 TL 3 : bos.net.tcp.client (U867672)NessusAIX Local Security Checks
high
88814F5 Networks BIG-IP : BIND vulnerability (K17181)NessusF5 Networks Local Security Checks
high
88480RHEL 6 : bind (RHSA-2016:0079)NessusRed Hat Local Security Checks
high
88479RHEL 6 : bind (RHSA-2016:0078)NessusRed Hat Local Security Checks
high
88178SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1)NessusSuSE Local Security Checks
medium
87184AIX 6.1 TL 9 : bos.net.tcp.client (U861500)NessusAIX Local Security Checks
high
86769AIX 6.1 TL 8 : bind (IV78096)NessusAIX Local Security Checks
high
86768AIX 7.1 TL 3 : bind (IV78095)NessusAIX Local Security Checks
high
86767AIX 7.1 TL 2 : bind (IV78094)NessusAIX Local Security Checks
high
86766AIX 5.3 TL 12 : bind (IV78092)NessusAIX Local Security Checks
high
86765AIX 6.1 TL 9 : bind (IV78091)NessusAIX Local Security Checks
high
86604Mac OS X : OS X Server < 5.0.15 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
medium
86505CentOS 5 : bind97 (CESA-2015:1707)NessusCentOS Local Security Checks
high
86504CentOS 5 : bind (CESA-2015:1706)NessusCentOS Local Security Checks
high
86503CentOS 6 / 7 : bind (CESA-2015:1705)NessusCentOS Local Security Checks
high
86435GLSA-201510-01 : BIND: Denial of ServiceNessusGentoo Local Security Checks
high
86259Fedora 21 : bind-9.9.6-11.P1.fc21 (2015-15061)NessusFedora Local Security Checks
high
86129Fedora 22 : bind99-9.9.7-7.P3.fc22 (2015-14958)NessusFedora Local Security Checks
high
86093openSUSE Security Update : bind (openSUSE-2015-600)NessusSuSE Local Security Checks
high
85972RHEL 5 : bind97 (RHSA-2015:1707)NessusRed Hat Local Security Checks
high
85971RHEL 5 : bind (RHSA-2015:1706)NessusRed Hat Local Security Checks
high
85970RHEL 6 / 7 : bind (RHSA-2015:1705)NessusRed Hat Local Security Checks
high
85896ISC BIND 9.0.x < 9.9.7-P3 / 9.10.x < 9.10.2-P4 Multiple DoSNessusDNS
high
85892Fedora 22 : bind-9.10.2-5.P4.fc22 (2015-15041)NessusFedora Local Security Checks
high
85888Debian DLA-308-1 : bind9 security updateNessusDebian Local Security Checks
high
85841SUSE SLES11 Security Update : bind (SUSE-SU-2015:1496-1)NessusSuSE Local Security Checks
high
85832Fedora 23 : bind-9.10.3-0.1.rc1.fc23 / bind-dyndb-ldap-8.0-3.fc23 / dnsperf-2.0.0.0-18.fc23 (2015-15062)NessusFedora Local Security Checks
high
85831Fedora 23 : bind99-9.9.7-7.P3.fc23 (2015-14954)NessusFedora Local Security Checks
high
85794SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:1481-1)NessusSuSE Local Security Checks
high
85793SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:1480-1)NessusSuSE Local Security Checks
high
85787Scientific Linux Security Update : bind on SL6.x, SL7.x i386/x86_64 (20150903)NessusScientific Linux Local Security Checks
high
85786Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20150903)NessusScientific Linux Local Security Checks
high
85785Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20150903)NessusScientific Linux Local Security Checks
high
85783OracleVM 3.3 : bind (OVMSA-2015-0119)NessusOracleVM Local Security Checks
high
85779Oracle Linux 5 : bind97 (ELSA-2015-1707)NessusOracle Linux Local Security Checks
high
85778Oracle Linux 5 : bind (ELSA-2015-1706)NessusOracle Linux Local Security Checks
high
85777Oracle Linux 6 / 7 : bind (ELSA-2015-1705)NessusOracle Linux Local Security Checks
high
85776FreeBSD : bind -- denial of service vulnerability (eaf3b255-5245-11e5-9ad8-14dae9d210b8)NessusFreeBSD Local Security Checks
high
85765Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : bind9 vulnerability (USN-2728-1)NessusUbuntu Local Security Checks
high
85756Debian DSA-3350-1 : bind9 - security updateNessusDebian Local Security Checks
high
85752Amazon Linux AMI : bind (ALAS-2015-594)NessusAmazon Linux Local Security Checks
high
85746Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2015-245-01)NessusSlackware Local Security Checks
high