CVE-2016-9778

MEDIUM

Description

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes.

Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability.

Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0 -> 9.11.0-P1.

References

http://www.securityfocus.com/bid/95388

http://www.securitytracker.com/id/1037582

https://kb.isc.org/article/AA-01442/

https://security.gentoo.org/glsa/201708-01

https://security.netapp.com/advisory/ntap-20180926-0005/

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-10-09

Type: CWE-388

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 102531 | GLSA-201708-01 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 9967 | ISC BIND 9.9.8-S < 9.9.8-S7 / 9.9.9-S < 9.9.9-S7 / 9.11.0 < 9.11.0-P2 DoS | Nessus Network Monitor | DNS Servers | high |
| 96625 | ISC BIND 9 < 9.9.9-P5 / 9.9.9-S7 / 9.10.4-P5 / 9.11.0-P2 Multiple DoS | Nessus | DNS | medium |
| 96473 | FreeBSD : BIND -- multiple vulnerabilities (d4c7e9a9-d893-11e6-9b4d-d050996490d0) | Nessus | FreeBSD Local Security Checks | medium |
| 96407 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-011-01) | Nessus | Slackware Local Security Checks | medium |