named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Attack Vector Network
Attack Complexity High
Privileges Required None
Scope Changed
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors | Products |
---|---|
Suse |
|
Juniper |
|
Isc |
|
Opensuse |
|
Canonical |
|
Debian |
|
Fedoraproject |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
AND |
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-03-09T23:00:00
Updated: 2017-11-20T15:57:01
Reserved: 2016-01-04T00:00:00
Link: CVE-2016-1285
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-03-09T23:59:02.133
Modified: 2023-11-30T17:08:17.437
Link: CVE-2016-1285
JSON object: View
Redhat Information
No data.
CWE