AIX 7.2 TL 0 : bind (IV84459) (deprecated)

high Nessus Plugin ID 91681

Synopsis

This plugin has been deprecated.

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause the named process to crash. ISC BIND is vulnerable to a denial of service, caused by an error when parsing signature records for DNAME resource records. A remote attacker could exploit this vulnerability to trigger an assertion failure in resolver.c or db.c and cause the named process to crash.

This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory12.nasl (plugin id 102124).

Solution

n/a

See Also

http://aix.software.ibm.com/aix/efixes/security/bind_advisory12.asc

Plugin Details

Severity: High

ID: 91681

File Name: aix_IV84459.nasl

Version: Revision: 2.5

Type: local

Published: 6/20/2016

Updated: 8/3/2017

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:ibm:aix:7.2

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Patch Publication Date: 6/17/2016

Vulnerability Publication Date: 6/17/2016

Reference Information

CVE: CVE-2016-1285, CVE-2016-1286