SB2017011342 - Input validation error in bind (Alpine package)
Published: January 13, 2017
Security Bulletin ID
SB2017011342
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2016-9147)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to assertion failure when processing input data. A remote attacker can send a response containing an inconsistency among the DNSSEC-related RRsets, trigger assertion failure and cause denial of service.
Successful exploitation of the vulnerability will result in DoS attack against vulnerable application.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c38ff6c4c17ad578319bf6efda6b7f8ccd21640b
- https://git.alpinelinux.org/aports/commit/?id=95378b844fdafeac63ebaaa24ca8f0b0da3f3978
- https://git.alpinelinux.org/aports/commit/?id=50ad495539ff98e25828fd2aee3bf1a67a6c3195
- https://git.alpinelinux.org/aports/commit/?id=db19c120bc6d032b9f6fa773b7875be828dcfd62
- https://git.alpinelinux.org/aports/commit/?id=859db39dd1ffc64c813d886d9fa7a4eb04e08024