CVE-2016-6170

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/07/06/3	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/91611	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036241	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353563	Issue Tracking Patch Third Party Advisory
https://github.com/sischkg/xfer-limit/blob/master/README.md	Exploit Patch Third Party Advisory
https://kb.isc.org/article/AA-01390	Vendor Advisory
https://kb.isc.org/article/AA-01390/169/CVE-2016-6170	Vendor Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html	Mailing List Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html	Mailing List Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201610-07	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:isc:bind::::::::
	cpe:2.3:a:isc:bind::::::::
	cpe:2.3:a:isc:bind:9.9.9:-::::::
	cpe:2.3:a:isc:bind:9.9.9:beta1::::::
	cpe:2.3:a:isc:bind:9.9.9:beta2::::::
	cpe:2.3:a:isc:bind:9.9.9:p1::::::
	cpe:2.3:a:isc:bind:9.10.4:-::::::
	cpe:2.3:a:isc:bind:9.10.4:p1::::::
	cpe:2.3:a:isc:bind:9.11.0:a1::::::
	cpe:2.3:a:isc:bind:9.11.0:a2::::::
	cpe:2.3:a:isc:bind:9.11.0:a3::::::
	cpe:2.3:a:isc:bind:9.11.0:b1::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

History

No history.

Information

Published : 2016-07-06 14:59

Updated : 2024-02-04 18:53

NVD link : CVE-2016-6170

Mitre link : CVE-2016-6170

CVE.ORG link : CVE-2016-6170

JSON object : View

Products Affected

isc

bind

redhat

enterprise_linux

CWE

CWE-20

Improper Input Validation

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-6170

6.5^/10

4.0^/10

Attach tags to `CVE-2016-6170`