The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of ISC BIND

computer vulnerability announce CVE-2017-3145

ISC BIND: assertion error via Fetch Cleanup Sequencing

Synthesis of the vulnerability

An attacker can force an assertion error via Fetch Cleanup Sequencing of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, BIND, Junos OS, Junos Space, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/01/2018.
Identifiers: bulletinjan2018, bulletinjul2018, CERTFR-2018-AVI-033, CVE-2017-3145, DSA-2019-131, DSA-4089-1, FEDORA-2018-6550550774, FEDORA-2018-97bdb9ba32, JSA10873, JSA10875, JSA10917, K08613310, openSUSE-SU-2018:0323-1, RHSA-2018:0101-01, RHSA-2018:0102-01, RHSA-2018:0487-01, RHSA-2018:0488-01, SSA:2018-017-01, SUSE-SU-2018:0303-1, SUSE-SU-2018:0362-1, USN-3535-1, USN-3535-2, VIGILANCE-VUL-25087.

Description of the vulnerability

An attacker can force an assertion error via Fetch Cleanup Sequencing of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, Junos Space, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-2019-131, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, JSA10917, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-3140 CVE-2017-3141

ISC BIND: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Fedora, HP-UX, BIND, Data ONTAP 7-Mode, Solaris, Slackware.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/06/2017.
Identifiers: bulletinjul2018, CERTFR-2017-AVI-184, CVE-2017-3140, CVE-2017-3141, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, SSA:2017-165-01, VIGILANCE-VUL-22980.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can trigger an endless loop when Response Policy Zones are used, in order to trigger a denial of service. [severity:3/4; CVE-2017-3140]

On MS-Windows, an attacker can make Windows run his own program as the BIND service, thanks to a mishandling of spaces in paths. [severity:2/4; CVE-2017-3141]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-3136 CVE-2017-3137 CVE-2017-3138

ISC BIND: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, HP-UX, BIND, Juniper J-Series, Junos OS, Junos Space, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 13/04/2017.
Identifiers: bulletinjul2018, CERTFR-2017-AVI-112, CVE-2017-3136, CVE-2017-3137, CVE-2017-3138, DLA-957-1, DSA-2019-131, DSA-3854-1, FEDORA-2017-0a876b0ba5, FEDORA-2017-44e494db1e, FEDORA-2017-edce28f24b, FEDORA-2017-ee4b0f53cb, HPESBUX03747, JSA10809, JSA10810, JSA10811, JSA10813, JSA10814, JSA10816, JSA10817, JSA10818, JSA10820, JSA10821, JSA10822, JSA10825, JSA10875, JSA10917, openSUSE-SU-2017:1063-1, RHSA-2017:1095-01, RHSA-2017:1105-01, RHSA-2017:1582-01, RHSA-2017:1583-01, SSA:2017-103-01, SUSE-SU-2017:0998-1, SUSE-SU-2017:0999-1, SUSE-SU-2017:1027-1, USN-3259-1, VIGILANCE-VUL-22445.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can force an assertion error via DNS64 break-dnssec, in order to trigger a denial of service. [severity:3/4; CVE-2017-3136]

An attacker can trigger a fatal error via CNAME Response Ordering, in order to trigger a denial of service. [severity:3/4; CVE-2017-3137]

An attacker can force an assertion error via Null Command String, in order to trigger a denial of service. [severity:2/4; CVE-2017-3138]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-3135

ISC BIND: assertion error via the combination DNS64+RPZ

Synthesis of the vulnerability

An attacker can force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Impacted products: Debian, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, HP-UX, BIND, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP 7-Mode, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 09/02/2017.
Identifiers: bulletinjul2018, CVE-2017-3135, DLA-843-1, DSA-2019-131, DSA-3795-1, FEDORA-2017-27099c270a, FEDORA-2017-2b46c8b6c2, FEDORA-2017-96b7f4f53e, FEDORA-2017-d0c9bf9508, HPESBUX03747, JSA10799, K80533167, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, openSUSE-SU-2017:0620-1, RHSA-2017:0276-01, SSA:2017-041-01, USN-3201-1, VIGILANCE-VUL-21790.

Description of the vulnerability

The ISC BIND product is a DNS server.

It can compute responses for IPv6 address queries from data for IPv4 addresses. However, when this function is enabled and that the function "Response Policy Zone" is also enabled, an assertion may be evaluated as false, which stops the process with a SIGABORT signal.

An attacker can therefore force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-9131 CVE-2016-9147 CVE-2016-9444

ISC BIND: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP 7-Mode, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/01/2017.
Identifiers: bulletinjan2017, c05381687, CERTFR-2017-AVI-013, CERTFR-2017-AVI-111, CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778, DLA-805-1, DSA-3758-1, FEDORA-2017-59ca54c94e, FEDORA-2017-87992a0557, FEDORA-2017-8f23f564ad, FEDORA-2017-f44f2f5a48, HPESBUX03699, JSA10785, K02138183, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, openSUSE-SU-2017:0182-1, openSUSE-SU-2017:0193-1, RHSA-2017:0062-01, RHSA-2017:0063-01, RHSA-2017:0064-01, RHSA-2017:1583-01, SSA:2017-011-01, SSRT110304, SUSE-SU-2017:0111-1, SUSE-SU-2017:0112-1, SUSE-SU-2017:0113-1, USN-3172-1, VIGILANCE-VUL-21552.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can force an assertion error via ANY Response, in order to trigger a denial of service. [severity:2/4; CVE-2016-9131]

An attacker can force an assertion error via DNSSEC Information Response, in order to trigger a denial of service. [severity:2/4; CVE-2016-9147]

An attacker can force an assertion error via DS Record Response, in order to trigger a denial of service. [severity:2/4; CVE-2016-9444]

An attacker can force an assertion error via nxdomain-redirect, in order to trigger a denial of service. [severity:2/4; CVE-2016-9778]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-8864

ISC BIND: assertion error via DNAME

Synthesis of the vulnerability

An attacker can force an assertion error via DNAME of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP 7-Mode, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 02/11/2016.
Identifiers: bulletinjul2018, bulletinoct2016, c05381687, CERTFR-2017-AVI-111, CVE-2016-8864, DLA-696-1, DSA-3703-1, FEDORA-2016-605fd98c32, FEDORA-2016-8e39076950, FEDORA-2016-9417b4c1dc, FEDORA-2016-e38196b52a, FreeBSD-SA-16:34.bind, HPESBUX03699, JSA10785, K35322517, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, openSUSE-SU-2016:2738-1, openSUSE-SU-2016:2739-1, RHSA-2016:2141-01, RHSA-2016:2142-01, RHSA-2016:2615-01, RHSA-2016:2871-01, RHSA-2017:1583-01, SOL35322517, SSA:2016-308-02, SSRT110304, SUSE-SU-2016:2696-1, SUSE-SU-2016:2697-1, SUSE-SU-2016:2706-1, VIGILANCE-VUL-20991.

Description of the vulnerability

The ISC BIND product can be configured in recursive mode.

However, if a DNS reply contains a special DNAME entry, an assertion error occurs because developers did not except this case, which stops the process.

An attacker can therefore force an assertion error via DNAME of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-2848

BIND: assertion error via Options

Synthesis of the vulnerability

An attacker can force an assertion error via DNS Options of BIND, in order to trigger a denial of service.
Impacted products: Debian, AIX, BIND, Data ONTAP 7-Mode, RHEL, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 21/10/2016.
Identifiers: CVE-2016-2848, DLA-672-1, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, RHSA-2016:2093-01, RHSA-2016:2094-01, RHSA-2016:2099-01, USN-3108-1, VIGILANCE-VUL-20928.

Description of the vulnerability

The BIND product implements a DNS service.

However, if the Options section is malformed, an assertion error occurs because developers did not except this case, which stops the process.

An attacker can therefore force an assertion error via DNS Options of BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-2776

ISC BIND: assertion error via buffer.c

Synthesis of the vulnerability

An attacker can force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 28/09/2016.
Identifiers: AA-01419, bulletinoct2016, c05321107, CERTFR-2017-AVI-111, CVE-2016-2776, DLA-645-1, DSA-3680-1, FEDORA-2016-2d9825f7c1, FEDORA-2016-3af8b344f1, FEDORA-2016-cbef6c8619, FEDORA-2016-cca77daf70, FreeBSD-SA-16:28.bind, JSA10785, K18829561, openSUSE-SU-2016:2406-1, RHSA-2016:1944-01, RHSA-2016:1945-01, RHSA-2016:2099-01, SOL18829561, SSA:2016-271-01, SUSE-SU-2016:2399-1, SUSE-SU-2016:2401-1, SUSE-SU-2016:2405-1, USN-3088-1, VIGILANCE-VUL-20707.

Description of the vulnerability

The ISC BIND product build replies to DNS queries in the dns_message_render*() functions of the lib/dns/message.c file.

However, the DNS_MESSAGE_HEADERLEN header size is not used to check the free space in the response to build. An assertion error thus occurs in the buffer.c file, because developers did not except this case, which stops the process.

An attacker can therefore force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-2775

ISC BIND: infinite loop via lwresd

Synthesis of the vulnerability

An attacker can generate an infinite loop via lwresd of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, HP-UX, AIX, BIND, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, VxWorks.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 19/07/2016.
Identifiers: AA-01393, bulletinjul2016, c05321107, CVE-2016-2775, DLA-645-1, DSA-2019-131, FEDORA-2016-007efacd1c, FEDORA-2016-2941b3264e, FEDORA-2016-3fba74e7f5, FEDORA-2016-53f0c65f40, openSUSE-SU-2017:1063-1, RHSA-2017:2533-01, SSA:2016-204-01, SUSE-SU-2017:0998-1, SUSE-SU-2017:0999-1, SUSE-SU-2017:1027-1, VIGILANCE-VUL-20144.

Description of the vulnerability

The ISC BIND product implements the "lightweight resolver protocol" in the lwresd daemon, or in named when named.conf contains the "lwres" section.

However, if getrrsetbyname() is called to resolve a long relative name (combined with a search list entry), an infinite recursion occurs in lwresd/lwres.

An attacker can therefore generate an infinite loop via lwresd of ISC BIND, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about ISC BIND: