SB2016102503 - Red Hat update for bind
Published: October 25, 2016
Security Bulletin ID
SB2016102503
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Denial of Service (CVE-ID: CVE-2016-2776)
The vulnerability allow a remote unauthenticated user to cause denial of service (DoS) on the target system.The weakness exists due to improper construction of queries responses, which meet certain criteria. By sending specially crafted query to the target service the attacker can trigger an assertion failure in buffer.c that leads to crash and denial of the service.
Successful exploitation of the vulnerability results in DoS condeitions on the vulnerable system.
2) Denial of service (CVE-ID: CVE-2016-2848)
The vulnerability allows a remote unauthenticated user to perform DoS attack on the targete system.The weakness is due to insuffcient handling of options data in an OPT resource record. By sending a specially crafted DNS packet, attackers can trigger the named service to crash.
Successful exploitation of the vulnerability leads to denial of service on the vulnarable system.
Remediation
Install update from vendor's website.