6.5

CVE-2016-6170

Exploit
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version >= 9.0 <= 9.9.8
IscBind Version >= 9.10.0 <= 9.10.3
IscBind Version9.9.9 Update-
IscBind Version9.9.9 Updatebeta1
IscBind Version9.9.9 Updatebeta2
IscBind Version9.9.9 Updatep1
IscBind Version9.10.4 Update-
IscBind Version9.10.4 Updatep1
IscBind Version9.11.0 Updatea1
IscBind Version9.11.0 Updatea2
IscBind Version9.11.0 Updatea3
IscBind Version9.11.0 Updateb1
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 40.54% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201610-07
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/06/3
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/91611
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036241
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353563
Patch
Third Party Advisory
Issue Tracking
https://github.com/sischkg/xfer-limit/blob/master/README.md
Patch
Third Party Advisory
Exploit
https://kb.isc.org/article/AA-01390
Vendor Advisory
https://kb.isc.org/article/AA-01390/169/CVE-2016-6170
Vendor Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
Third Party Advisory
Mailing List
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html
Third Party Advisory
Mailing List
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html
Third Party Advisory
Mailing List