CVE-2016-6170
Vulnerability Summary
Timeline
Description
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 13.02%• Percentile: 94%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Systems
- isc•bind
≥ 9.0, ≤ 9.9.8 | ≥ 9.10.0, ≤ 9.10.3 | 9.9.9 | 9.9.9:beta1 | 9.9.9:beta2 | 9.9.9:p1 | 9.10.4 | 9.10.4:p1 | 9.11.0:a1 | 9.11.0:a2 | 9.11.0:a3 | 9.11.0:b1
- redhat•enterprise_linux
5.0 | 6.0 | 7.0
References (11)
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html
- http://www.openwall.com/lists/oss-security/2016/07/06/3
- http://www.securitytracker.com/id/1036241
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
- https://security.gentoo.org/glsa/201610-07
- https://kb.isc.org/article/AA-01390
- http://www.securityfocus.com/bid/91611
- https://github.com/sischkg/xfer-limit/blob/master/README.md
- https://kb.isc.org/article/AA-01390/169/CVE-2016-6170
- https://bugzilla.redhat.com/show_bug.cgi?id=1353563