CVE-2016-9147

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.

References

http://rhn.redhat.com/errata/RHSA-2017-0062.html

http://rhn.redhat.com/errata/RHSA-2017-0063.html

http://rhn.redhat.com/errata/RHSA-2017-0064.html

http://www.debian.org/security/2017/dsa-3758

http://www.securityfocus.com/bid/95390

http://www.securitytracker.com/id/1037582

https://access.redhat.com/errata/RHSA-2017:1582

https://access.redhat.com/errata/RHSA-2017:1583

https://kb.isc.org/article/AA-01440/74/CVE-2016-9147

https://security.gentoo.org/glsa/201708-01

https://security.netapp.com/advisory/ntap-20180926-0005/

Details

Source: MITRE

Published: 2017-01-12

Updated: 2018-09-27

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*

Tenable Plugins

View all (42 total)

IDNameProductFamilySeverity
147614EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2021-1396)NessusHuawei Local Security Checks
high
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
102531GLSA-201708-01 : BIND: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
101409Virtuozzo 7 : bind97 / bind97-chroot / bind97-devel / etc (VZLSA-2017-0064)NessusVirtuozzo Local Security Checks
high
101408Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-0063)NessusVirtuozzo Local Security Checks
high
101407Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-0062)NessusVirtuozzo Local Security Checks
high
101100RHEL 7 : bind (RHSA-2017:1583)NessusRed Hat Local Security Checks
high
101099RHEL 6 : bind (RHSA-2017:1582)NessusRed Hat Local Security Checks
high
100090OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100)NessusOracleVM Local Security Checks
high
99871EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1026)NessusHuawei Local Security Checks
high
99870EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1025)NessusHuawei Local Security Checks
high
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
high
97864F5 Networks BIG-IP : BIND vulnerability (K02138183)NessusF5 Networks Local Security Checks
high
97148Amazon Linux AMI : bind (ALAS-2017-798)NessusAmazon Linux Local Security Checks
high
96840Debian DLA-805-1 : bind9 security updateNessusDebian Local Security Checks
high
96625ISC BIND 9 < 9.9.9-P5 / 9.9.9-S7 / 9.10.4-P5 / 9.11.0-P2 Multiple DoSNessusDNS
high
96621openSUSE Security Update : bind (openSUSE-2017-114)NessusSuSE Local Security Checks
high
96591OracleVM 3.2 : bind (OVMSA-2017-0034)NessusOracleVM Local Security Checks
high
96590OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0033)NessusOracleVM Local Security Checks
high
96586Oracle Linux 5 : bind97 (ELSA-2017-0064)NessusOracle Linux Local Security Checks
high
96585Oracle Linux 5 / 6 : bind (ELSA-2017-0063)NessusOracle Linux Local Security Checks
high
96584Oracle Linux 7 : bind (ELSA-2017-0062)NessusOracle Linux Local Security Checks
high
96581openSUSE Security Update : bind (openSUSE-2017-109)NessusSuSE Local Security Checks
high
96569CentOS 5 : bind97 (CESA-2017:0064)NessusCentOS Local Security Checks
high
96568CentOS 5 / 6 : bind (CESA-2017:0063)NessusCentOS Local Security Checks
high
96567CentOS 7 : bind (CESA-2017:0062)NessusCentOS Local Security Checks
high
96563Scientific Linux Security Update : bind on SL7.x x86_64 (20170116)NessusScientific Linux Local Security Checks
high
96562Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20170116)NessusScientific Linux Local Security Checks
high
96561Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20170116)NessusScientific Linux Local Security Checks
high
96540Fedora 24 : bind99 (2017-8f23f564ad)NessusFedora Local Security Checks
high
96538Fedora 24 : 32:bind (2017-59ca54c94e)NessusFedora Local Security Checks
high
96525RHEL 5 : bind97 (RHSA-2017:0064)NessusRed Hat Local Security Checks
high
96524RHEL 5 / 6 : bind (RHSA-2017:0063)NessusRed Hat Local Security Checks
high
96523RHEL 7 : bind (RHSA-2017:0062)NessusRed Hat Local Security Checks
high
96508Fedora 25 : bind99 (2017-f44f2f5a48)NessusFedora Local Security Checks
high
96503Fedora 25 : 32:bind (2017-87992a0557)NessusFedora Local Security Checks
high
96483Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : bind9 vulnerabilities (USN-3172-1)NessusUbuntu Local Security Checks
high
96473FreeBSD : BIND -- multiple vulnerabilities (d4c7e9a9-d893-11e6-9b4d-d050996490d0)NessusFreeBSD Local Security Checks
high
96460Debian DSA-3758-1 : bind9 - security updateNessusDebian Local Security Checks
high
96435SUSE SLES12 Security Update : bind (SUSE-SU-2017:0113-1)NessusSuSE Local Security Checks
high
96434SUSE SLES11 Security Update : bind (SUSE-SU-2017:0112-1)NessusSuSE Local Security Checks
high
96433SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0111-1)NessusSuSE Local Security Checks
high