SB2017011344 - Input validation error in bind (Alpine package)
Published: January 13, 2017
Security Bulletin ID
SB2017011344
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2016-9131)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to assertion failure when processing DNS responses. A remote attacker can send a malformed response to an RTYPE ANY query, trigger assertion failure and cause denial of service.
Successful exploitation of the vulnerability will result in DoS attack against vulnerable application.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=95378b844fdafeac63ebaaa24ca8f0b0da3f3978
- https://git.alpinelinux.org/aports/commit/?id=50ad495539ff98e25828fd2aee3bf1a67a6c3195
- https://git.alpinelinux.org/aports/commit/?id=db19c120bc6d032b9f6fa773b7875be828dcfd62
- https://git.alpinelinux.org/aports/commit/?id=859db39dd1ffc64c813d886d9fa7a4eb04e08024