CVE-2015-8000

MEDIUM

Description

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html

http://marc.info/?l=bugtraq&m=145680832702035&w=2

http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html

http://rhn.redhat.com/errata/RHSA-2015-2655.html

http://rhn.redhat.com/errata/RHSA-2015-2656.html

http://rhn.redhat.com/errata/RHSA-2015-2658.html

http://rhn.redhat.com/errata/RHSA-2016-0078.html

http://rhn.redhat.com/errata/RHSA-2016-0079.html

http://www.debian.org/security/2015/dsa-3420

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/79349

http://www.securitytracker.com/id/1034418

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966

http://www.ubuntu.com/usn/USN-2837-1

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105

https://kb.isc.org/article/AA-01317

https://kb.isc.org/article/AA-01380

https://kb.isc.org/article/AA-01438

Details

Source: MITRE

Published: 2015-12-16

Updated: 2019-12-27

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.4:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.6:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.8:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | critical |
| 124936 | EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433) | Nessus | Huawei Local Security Checks | medium |
| 102122 | AIX bind Advisory : bind_advisory10.asc (IV80187) (IV80188) (IV80189) (IV80191) (IV80192) | Nessus | AIX Local Security Checks | high |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | critical |
| 9867 | ISC BIND 9.x < 9.9.8-P2 / 9.9.8-S3 / 9.9.9-S3 / 9.10.3-P2 DoS | Nessus Network Monitor | DNS Servers | high |
| 91739 | OracleVM 3.2 : bind (OVMSA-2016-0055) | Nessus | OracleVM Local Security Checks | high |
| 89441 | Fedora 22 : bind99-9.9.8-1.P2.fc22 / dhcp-4.3.2-6.fc22 (2015-e278e12ebc) | Nessus | Fedora Local Security Checks | medium |
| 89221 | Fedora 23 : bind99-9.9.8-1.P2.fc23 / dhcp-4.3.3-7.fc23 (2015-40882ddfb1) | Nessus | Fedora Local Security Checks | medium |
| 89192 | Fedora 22 : bind-9.10.3-7.P2.fc22 / bind-dyndb-ldap-7.0-6.fc22 / dnsperf-2.0.0.0-19.fc22 (2015-2df40de264) | Nessus | Fedora Local Security Checks | high |
| 89136 | Fedora 23 : bind-9.10.3-7.P2.fc23 / bind-dyndb-ldap-8.0-4.fc23 / dnsperf-2.0.0.0-19.fc23 (2015-09bf9e06ea) | Nessus | Fedora Local Security Checks | high |
| 88970 | AIX 7.2 TL 0 : bind (IV80192) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 88969 | AIX 7.1 TL 4 : bind (IV80191) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 88968 | AIX 7.1 TL 3 : bind (IV80189) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 88967 | AIX 6.1 TL 9 : bind (IV80188) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 88966 | AIX 5.3 TL 12 : bind (IV80187) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 88851 | F5 Networks BIG-IP : BIND vulnerability (K34250741) | Nessus | F5 Networks Local Security Checks | medium |
| 88480 | RHEL 6 : bind (RHSA-2016:0079) | Nessus | Red Hat Local Security Checks | high |
| 88479 | RHEL 6 : bind (RHSA-2016:0078) | Nessus | Red Hat Local Security Checks | high |
| 88178 | SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1) | Nessus | SuSE Local Security Checks | high |
| 87655 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:2359-1) | Nessus | SuSE Local Security Checks | medium |
| 87653 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:2341-1) | Nessus | SuSE Local Security Checks | medium |
| 87652 | SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:2340-1) | Nessus | SuSE Local Security Checks | medium |
| 87626 | openSUSE Security Update : bind (openSUSE-2015-951) | Nessus | SuSE Local Security Checks | medium |
| 87625 | openSUSE Security Update : bind (openSUSE-2015-950) | Nessus | SuSE Local Security Checks | medium |
| 87502 | ISC BIND 9.x < 9.9.8-P2 / 9.10.x < 9.10.3-P2 Response Parsing Class Attribute Handling DoS | Nessus | DNS | medium |
| 87491 | Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20151216) | Nessus | Scientific Linux Local Security Checks | medium |
| 87489 | OracleVM 3.3 : bind (OVMSA-2015-0156) | Nessus | OracleVM Local Security Checks | medium |
| 87460 | Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20151216) | Nessus | Scientific Linux Local Security Checks | medium |
| 87459 | Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20151216) | Nessus | Scientific Linux Local Security Checks | medium |
| 87456 | RHEL 5 : bind97 (RHSA-2015:2658) | Nessus | Red Hat Local Security Checks | medium |
| 87454 | RHEL 5 : bind (RHSA-2015:2656) | Nessus | Red Hat Local Security Checks | medium |
| 87453 | RHEL 6 / 7 : bind (RHSA-2015:2655) | Nessus | Red Hat Local Security Checks | medium |
| 87451 | Oracle Linux 5 : bind97 (ELSA-2015-2658) | Nessus | Oracle Linux Local Security Checks | medium |
| 87449 | Oracle Linux 5 : bind (ELSA-2015-2656) | Nessus | Oracle Linux Local Security Checks | medium |
| 87448 | Oracle Linux 6 / 7 : bind (ELSA-2015-2655) | Nessus | Oracle Linux Local Security Checks | medium |
| 87427 | Debian DLA-370-1 : bind9 security update | Nessus | Debian Local Security Checks | medium |
| 87426 | CentOS 5 : bind97 (CESA-2015:2658) | Nessus | CentOS Local Security Checks | medium |
| 87424 | CentOS 5 : bind (CESA-2015:2656) | Nessus | CentOS Local Security Checks | medium |
| 87423 | CentOS 6 / 7 : bind (CESA-2015:2655) | Nessus | CentOS Local Security Checks | medium |
| 87409 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : bind9 vulnerability (USN-2837-1) | Nessus | Ubuntu Local Security Checks | medium |
| 87387 | FreeBSD : bind -- multiple vulnerabilities (a8ec4db7-a398-11e5-85e9-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | high |
| 87384 | Debian DSA-3420-1 : bind9 - security update | Nessus | Debian Local Security Checks | medium |
| 87380 | Amazon Linux AMI : bind (ALAS-2015-631) | Nessus | Amazon Linux Local Security Checks | medium |
| 87375 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2015-349-01) | Nessus | Slackware Local Security Checks | high |