Main Vulnerability Database SB2016070801

SB2016070801 - Denial of service vulnerability in BIND

Published: July 8, 2016 Updated: July 11, 2016

Security Bulletin ID SB2016070801

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) AXFR/IXFR response processing flaw in BIND (CVE-ID: CVE-2016-6170)

The vulnerability allows a remote attacker to cause the target service to crash.

The vulnerability exists due to resource error in BIND. A remote primary DNS server can cause the target secondary DNS server to crash by sending a specially crafted AXFR response or IXFR response. A remote unauthenticated attacker may be able to send a specially crafted UPDATE message to cause the target server to crash.

Successful exploitation of this vulnerability may result in denial of service.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://kb.isc.org/article/AA-01390