Input validation error in ISC BIND - CVE-2015-8705
Published: January 20, 2016 / Updated: July 27, 2020
ISC BIND
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
How to mitigate CVE-2015-8705
Sources
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
- http://www.securityfocus.com/bid/81314
- http://www.securitytracker.com/id/1034740
- https://kb.isc.org/article/AA-01336
- https://kb.isc.org/article/AA-01380
- https://security.gentoo.org/glsa/201610-07