Main Vulnerability Database Vulnerabilities #VU4351

#VU4351 Improper input validation in ISC BIND - CVE-2016-9778

Published: January 12, 2017 / Updated: January 12, 2017

Vulnerability identifier: #VU4351

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-9778

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ISC BIND

Software vendor:
ISC

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to assertion failure when processing input data. A remote attacker can send a specially crafted query to the target system that uses the nxdomain-redirect feature to cover a zone for which it provides authoritative service, trigger assertion failure and cause denial of service.

Successful exploitation of the vulnerability will result in DoS attack against vulnerable application.

Remediation

The vendor has issued the following versions to address this vulnerability: 9.11.0-P2 or 9.9.9-S7.

External links

https://kb.isc.org/article/AA-01442

#VU4351 Improper input validation in ISC BIND - CVE-2016-9778

Description

Remediation

External links

Please verify you're human