← voltar
CVE-2016-1285

CVE-2016-1285

EPSS 59.0%
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html