CVE-2016-2776

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

References

http://rhn.redhat.com/errata/RHSA-2016-1944.html

http://rhn.redhat.com/errata/RHSA-2016-1945.html

http://rhn.redhat.com/errata/RHSA-2016-2099.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/bid/93188

http://www.securitytracker.com/id/1036903

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107

https://kb.isc.org/article/AA-01419/0

https://kb.isc.org/article/AA-01435

https://kb.isc.org/article/AA-01436

https://kb.isc.org/article/AA-01438

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc

https://security.gentoo.org/glsa/201610-07

https://security.netapp.com/advisory/ntap-20160930-0001/

https://www.exploit-db.com/exploits/40453/

Details

Source: MITRE

Published: 2016-09-28

Updated: 2019-12-27

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:* versions up to 9.9.9 (inclusive)

cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.2:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:rc1:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:hp:hp-ux:11.31:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
124936EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)NessusHuawei Local Security Checks
medium
121700Photon OS 1.0: Bindutils PHSA-2017-0021NessusPhotonOS Local Security Checks
high
111870Photon OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated)NessusPhotonOS Local Security Checks
high
102125AIX bind Advisory : bind_advisory13.asc (IV89828) (IV89829) (IV89830) (IV89831) (IV90056)NessusAIX Local Security Checks
high
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
high
97416EulerOS 2.0 SP1 : bind (EulerOS-SA-2016-1052)NessusHuawei Local Security Checks
high
9875ISC BIND 9.x < 9.9.9-P3 / 9.9.9-S5 / 9.10.4-P3 / 9.11.0-P1 DoSNessus Network MonitorDNS Servers
high
95939F5 Networks BIG-IP : BIND vulnerability (K18829561)NessusF5 Networks Local Security Checks
high
94968AIX 5.3 TL 12 : bind (IV90056) (deprecated)NessusAIX Local Security Checks
high
94967AIX 7.2 TL 0 : bind (IV89831) (deprecated)NessusAIX Local Security Checks
high
94966AIX 7.1 TL 3 : bind (IV89830) (deprecated)NessusAIX Local Security Checks
high
94965AIX 7.1 TL 4 : bind (IV89829) (deprecated)NessusAIX Local Security Checks
high
94964AIX 6.1 TL 9 : bind (IV89828) (deprecated)NessusAIX Local Security Checks
high
94884Fedora 25 : bind99 (2016-f6e4e66202)NessusFedora Local Security Checks
high
94821Fedora 25 : 32:bind (2016-76bd94ca9e)NessusFedora Local Security Checks
high
94265RHEL 6 : bind (RHSA-2016:2099)NessusRed Hat Local Security Checks
high
94237Fedora 23 : bind99 (2016-cbef6c8619)NessusFedora Local Security Checks
high
94236Fedora 23 : 32:bind (2016-3af8b344f1)NessusFedora Local Security Checks
high
93994GLSA-201610-07 : BIND: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
93888Fedora 24 : bind99 (2016-cca77daf70)NessusFedora Local Security Checks
high
93878Fedora 24 : 32:bind (2016-2d9825f7c1)NessusFedora Local Security Checks
high
93868Debian DLA-645-1 : bind9 security updateNessusDebian Local Security Checks
high
93865ISC BIND 9.9.x < 9.9.9-P3 / 9.10.x < 9.10.4-P3 / 9.11.x < 9.11.0rc3 buffer.c Query Response DoSNessusDNS
high
93797Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160928)NessusScientific Linux Local Security Checks
high
93796Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20160928)NessusScientific Linux Local Security Checks
high
93793OracleVM 3.2 : bind (OVMSA-2016-0137)NessusOracleVM Local Security Checks
high
93792OracleVM 3.3 / 3.4 : bind (OVMSA-2016-0136)NessusOracleVM Local Security Checks
high
93791Oracle Linux 5 : bind97 (ELSA-2016-1945)NessusOracle Linux Local Security Checks
high
93790Oracle Linux 5 / 6 / 7 : bind (ELSA-2016-1944)NessusOracle Linux Local Security Checks
high
93789Amazon Linux AMI : bind (ALAS-2016-751)NessusAmazon Linux Local Security Checks
high
93785RHEL 5 : bind97 (RHSA-2016:1945)NessusRed Hat Local Security Checks
high
93784RHEL 5 / 6 / 7 : bind (RHSA-2016:1944)NessusRed Hat Local Security Checks
high
93782openSUSE Security Update : bind (openSUSE-2016-1133)NessusSuSE Local Security Checks
high
93781FreeBSD : BIND -- Remote Denial of Service vulnerability (c8d902b1-8550-11e6-81e7-d050996490d0)NessusFreeBSD Local Security Checks
high
93780CentOS 5 : bind97 (CESA-2016:1945)NessusCentOS Local Security Checks
high
93779CentOS 5 / 6 / 7 : bind (CESA-2016:1944)NessusCentOS Local Security Checks
high
93773Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : bind9 vulnerability (USN-3088-1)NessusUbuntu Local Security Checks
high
93772SUSE SLES11 Security Update : bind (SUSE-SU-2016:2405-1)NessusSuSE Local Security Checks
high
93770SUSE SLES12 Security Update : bind (SUSE-SU-2016:2401-1)NessusSuSE Local Security Checks
high
93769SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:2399-1)NessusSuSE Local Security Checks
high
93748Debian DSA-3680-1 : bind9 - security updateNessusDebian Local Security Checks
high
93742Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2016-271-01)NessusSlackware Local Security Checks
high