CVE-2015-8000

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html

http://marc.info/?l=bugtraq&m=145680832702035&w=2

http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html

http://rhn.redhat.com/errata/RHSA-2015-2655.html

http://rhn.redhat.com/errata/RHSA-2015-2656.html

http://rhn.redhat.com/errata/RHSA-2015-2658.html

http://rhn.redhat.com/errata/RHSA-2016-0078.html

http://rhn.redhat.com/errata/RHSA-2016-0079.html

http://www.debian.org/security/2015/dsa-3420

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/79349

http://www.securitytracker.com/id/1034418

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966

http://www.ubuntu.com/usn/USN-2837-1

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105

https://kb.isc.org/article/AA-01317

https://kb.isc.org/article/AA-01380

https://kb.isc.org/article/AA-01438

Details

Source: MITRE

Published: 2015-12-16

Updated: 2019-12-27

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.4:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.6:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.7:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.8:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*

Tenable Plugins

View all (44 total)

IDNameProductFamilySeverity
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
124936EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)NessusHuawei Local Security Checks
medium
102122AIX bind Advisory : bind_advisory10.asc (IV80187) (IV80188) (IV80189) (IV80191) (IV80192)NessusAIX Local Security Checks
high
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
high
9867ISC BIND 9.x < 9.9.8-P2 / 9.9.8-S3 / 9.9.9-S3 / 9.10.3-P2 DoSNessus Network MonitorDNS Servers
medium
91739OracleVM 3.2 : bind (OVMSA-2016-0055)NessusOracleVM Local Security Checks
high
89441Fedora 22 : bind99-9.9.8-1.P2.fc22 / dhcp-4.3.2-6.fc22 (2015-e278e12ebc)NessusFedora Local Security Checks
medium
89221Fedora 23 : bind99-9.9.8-1.P2.fc23 / dhcp-4.3.3-7.fc23 (2015-40882ddfb1)NessusFedora Local Security Checks
medium
89192Fedora 22 : bind-9.10.3-7.P2.fc22 / bind-dyndb-ldap-7.0-6.fc22 / dnsperf-2.0.0.0-19.fc22 (2015-2df40de264)NessusFedora Local Security Checks
high
89136Fedora 23 : bind-9.10.3-7.P2.fc23 / bind-dyndb-ldap-8.0-4.fc23 / dnsperf-2.0.0.0-19.fc23 (2015-09bf9e06ea)NessusFedora Local Security Checks
high
88970AIX 7.2 TL 0 : bind (IV80192) (deprecated)NessusAIX Local Security Checks
medium
88969AIX 7.1 TL 4 : bind (IV80191) (deprecated)NessusAIX Local Security Checks
medium
88968AIX 7.1 TL 3 : bind (IV80189) (deprecated)NessusAIX Local Security Checks
medium
88967AIX 6.1 TL 9 : bind (IV80188) (deprecated)NessusAIX Local Security Checks
medium
88966AIX 5.3 TL 12 : bind (IV80187) (deprecated)NessusAIX Local Security Checks
medium
88851F5 Networks BIG-IP : BIND vulnerability (K34250741)NessusF5 Networks Local Security Checks
medium
88480RHEL 6 : bind (RHSA-2016:0079)NessusRed Hat Local Security Checks
high
88479RHEL 6 : bind (RHSA-2016:0078)NessusRed Hat Local Security Checks
high
88178SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1)NessusSuSE Local Security Checks
medium
87655SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:2359-1)NessusSuSE Local Security Checks
medium
87653SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:2341-1)NessusSuSE Local Security Checks
medium
87652SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:2340-1)NessusSuSE Local Security Checks
medium
87626openSUSE Security Update : bind (openSUSE-2015-951)NessusSuSE Local Security Checks
medium
87625openSUSE Security Update : bind (openSUSE-2015-950)NessusSuSE Local Security Checks
medium
87502ISC BIND 9.x < 9.9.8-P2 / 9.10.x < 9.10.3-P2 Response Parsing Class Attribute Handling DoSNessusDNS
high
87491Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20151216)NessusScientific Linux Local Security Checks
medium
87489OracleVM 3.3 : bind (OVMSA-2015-0156)NessusOracleVM Local Security Checks
medium
87460Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20151216)NessusScientific Linux Local Security Checks
medium
87459Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20151216)NessusScientific Linux Local Security Checks
medium
87456RHEL 5 : bind97 (RHSA-2015:2658)NessusRed Hat Local Security Checks
medium
87454RHEL 5 : bind (RHSA-2015:2656)NessusRed Hat Local Security Checks
medium
87453RHEL 6 / 7 : bind (RHSA-2015:2655)NessusRed Hat Local Security Checks
medium
87451Oracle Linux 5 : bind97 (ELSA-2015-2658)NessusOracle Linux Local Security Checks
medium
87449Oracle Linux 5 : bind (ELSA-2015-2656)NessusOracle Linux Local Security Checks
medium
87448Oracle Linux 6 / 7 : bind (ELSA-2015-2655)NessusOracle Linux Local Security Checks
medium
87427Debian DLA-370-1 : bind9 security updateNessusDebian Local Security Checks
medium
87426CentOS 5 : bind97 (CESA-2015:2658)NessusCentOS Local Security Checks
medium
87424CentOS 5 : bind (CESA-2015:2656)NessusCentOS Local Security Checks
medium
87423CentOS 6 / 7 : bind (CESA-2015:2655)NessusCentOS Local Security Checks
medium
87409Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : bind9 vulnerability (USN-2837-1)NessusUbuntu Local Security Checks
medium
87387FreeBSD : bind -- multiple vulnerabilities (a8ec4db7-a398-11e5-85e9-14dae9d210b8)NessusFreeBSD Local Security Checks
high
87384Debian DSA-3420-1 : bind9 - security updateNessusDebian Local Security Checks
medium
87380Amazon Linux AMI : bind (ALAS-2015-631)NessusAmazon Linux Local Security Checks
medium
87375Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2015-349-01)NessusSlackware Local Security Checks
high