CVE-2016-9131

Description

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 68.03%• Percentile: 99%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• debian•debian_linux

  8.0

• isc•bind

  ≥ 9.0, ≤ 9.9.8 | ≥ 9.10.0, ≤ 9.10.3 | 9.9.9 | 9.9.9:b1 | 9.9.9:b2 | 9.9.9:p1 | 9.9.9:p3 | 9.9.9:p4 | 9.10.4:b2 | 9.10.4:b3 | 9.10.4:p2 | 9.10.4:p3 | 9.10.4:p4 | 9.10.4:rc1 | 9.11.0:a1 | 9.11.0:a2 | 9.11.0:a3 | 9.11.0:b1 | 9.11.0:b2 | 9.11.0:b3 | 9.11.0:p1 | 9.11.0:rc1

• netapp•data_ontap_edge

  na

• netapp•hci_management_node

  na

• netapp•solidfire

  na

• netapp•steelstore_cloud_integrated_storage

  na

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_eus

  7.2 | 7.3 | 7.4 | 7.5 | 7.6 | 7.7

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_server_aus

  7.2 | 7.3 | 7.4 | 7.6 | 7.7

• redhat•enterprise_linux_server_tus

  7.2 | 7.3 | 7.6 | 7.7

• redhat•enterprise_linux_server_workstation

  7.0

References (9)

• http://www.securitytracker.com/id/1037582
• https://security.gentoo.org/glsa/201708-01
• https://kb.isc.org/article/AA-01439/74/CVE-2016-9131
• http://www.securityfocus.com/bid/95386
• https://security.netapp.com/advisory/ntap-20180926-0005/
• http://www.debian.org/security/2017/dsa-3758
• https://access.redhat.com/errata/RHSA-2017:1583
• http://rhn.redhat.com/errata/RHSA-2017-0062.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687