Input validation error in ISC BIND - CVE-2015-8705
Published: January 20, 2016 / Updated: July 27, 2020
Vulnerability identifier: #VU31953
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-8705
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ISC BIND
ISC BIND
Software vendor:
ISC
ISC
Description
The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
Remediation
Install update from vendor's website.
External links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
- http://www.securityfocus.com/bid/81314
- http://www.securitytracker.com/id/1034740
- https://kb.isc.org/article/AA-01336
- https://kb.isc.org/article/AA-01380
- https://security.gentoo.org/glsa/201610-07