CVE-2015-8704

medium

Description

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178045.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175973.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html

http://marc.info/?l=bugtraq&m=145680832702035&w=2

http://rhn.redhat.com/errata/RHSA-2016-0073.html

http://rhn.redhat.com/errata/RHSA-2016-0074.html

http://www.debian.org/security/2016/dsa-3449

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/81329

http://www.securitytracker.com/id/1034739

http://www.ubuntu.com/usn/USN-2874-1

https://kb.isc.org/article/AA-01335

https://kb.isc.org/article/AA-01380

https://kb.isc.org/article/AA-01438

https://security.gentoo.org/glsa/201610-07

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:08.bind.asc

Details

Source: MITRE

Published: 2016-01-20

Updated: 2018-10-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.8:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147614 | EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2021-1396) | Nessus | Huawei Local Security Checks | high |
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | high |
| 102123 | AIX bind Advisory : bind_advisory11.asc (IV81278) (IV81279) (IV81280) (IV81281) (IV81282) | Nessus | AIX Local Security Checks | medium |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | high |
| 9869 | ISC BIND 9.x < 9.9.8-P3 / 9.9.8-S4 / 9.9.9-S3 / 9.10.3-P3 DoS | Nessus Network Monitor | DNS Servers | medium |
| 93994 | GLSA-201610-07 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 91739 | OracleVM 3.2 : bind (OVMSA-2016-0055) | Nessus | OracleVM Local Security Checks | high |
| 90720 | AIX 7.2 TL 0 : bind (IV81282) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 90719 | AIX 7.1 TL 4 : bind (IV81281) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 90718 | AIX 7.1 TL 3 : bind (IV81280) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 90717 | AIX 6.1 TL 9 : bind (IV81279) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 90716 | AIX 5.3 TL 12 : bind (IV81278) (deprecated) | Nessus | AIX Local Security Checks | medium |
| 89650 | Fedora 23 : bind99-9.9.8-2.P3.fc23 (2016-feb8d77f36) | Nessus | Fedora Local Security Checks | medium |
| 89639 | Fedora 23 : bind-9.10.3-10.P3.fc23 (2016-f3517b9c4c) | Nessus | Fedora Local Security Checks | high |
| 89486 | Fedora 22 : bind-9.10.3-8.P3.fc22 (2016-1ab53bf440) | Nessus | Fedora Local Security Checks | high |
| 89479 | Fedora 22 : bind99-9.9.8-2.P3.fc22 (2016-1323b9078a) | Nessus | Fedora Local Security Checks | medium |
| 88909 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2016-054-01) | Nessus | Slackware Local Security Checks | high |
| 88852 | F5 Networks BIG-IP : BIND vulnerability (K53445000) | Nessus | F5 Networks Local Security Checks | medium |
| 88451 | Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160127) | Nessus | Scientific Linux Local Security Checks | medium |
| 88450 | Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20160127) | Nessus | Scientific Linux Local Security Checks | medium |
| 88449 | RHEL 5 : bind97 (RHSA-2016:0074) | Nessus | Red Hat Local Security Checks | medium |
| 88448 | RHEL 5 / 6 / 7 : bind (RHSA-2016:0073) | Nessus | Red Hat Local Security Checks | medium |
| 88446 | OracleVM 3.3 : bind (OVMSA-2016-0009) | Nessus | OracleVM Local Security Checks | medium |
| 88445 | Oracle Linux 5 : bind97 (ELSA-2016-0074) | Nessus | Oracle Linux Local Security Checks | medium |
| 88444 | Oracle Linux 5 / 6 / 7 : bind (ELSA-2016-0073) | Nessus | Oracle Linux Local Security Checks | medium |
| 88421 | CentOS 5 : bind97 (CESA-2016:0074) | Nessus | CentOS Local Security Checks | medium |
| 88420 | CentOS 5 / 6 / 7 : bind (CESA-2016:0073) | Nessus | CentOS Local Security Checks | medium |
| 88385 | ISC BIND 9.3.0 < 9.9.8-P3 / 9.9.x-Sx < 9.9.8-S4 / 9.10.x < 9.10.3-P3 Multiple DoS | Nessus | DNS | high |
| 88178 | SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1) | Nessus | SuSE Local Security Checks | medium |
| 88158 | openSUSE Security Update : bind (openSUSE-2016-73) | Nessus | SuSE Local Security Checks | medium |
| 88142 | SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2016:0200-1) | Nessus | SuSE Local Security Checks | medium |
| 88138 | openSUSE Security Update : bind (openSUSE-2016-71) | Nessus | SuSE Local Security Checks | medium |
| 88137 | openSUSE Security Update : bind (openSUSE-2016-70) | Nessus | SuSE Local Security Checks | medium |
| 88113 | FreeBSD : bind -- denial of service vulnerability (b4578647-c12b-11e5-96d6-14dae9d210b8) | Nessus | FreeBSD Local Security Checks | medium |
| 88039 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:0180-1) | Nessus | SuSE Local Security Checks | medium |
| 88018 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : bind9 vulnerability (USN-2874-1) | Nessus | Ubuntu Local Security Checks | medium |
| 88008 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:0174-1) | Nessus | SuSE Local Security Checks | medium |
| 87996 | Debian DSA-3449-1 : bind9 - security update | Nessus | Debian Local Security Checks | medium |
| 87994 | Debian DLA-396-1 : bind9 security update | Nessus | Debian Local Security Checks | medium |
| 87990 | Amazon Linux AMI : bind (ALAS-2016-641) | Nessus | Amazon Linux Local Security Checks | medium |