Vulnerability CVE-2016-2776: Information

Description

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-2776
Published: Sept. 28, 2016
Modified: Dec. 27, 2019
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
bindsisyphus9.9.8-alt49.18.26-alt1ALT-PU-2016-2031-1170052Fixed
bindp109.9.8-alt49.16.48-alt1ALT-PU-2016-2031-1170052Fixed
bindp99.9.8-alt49.11.37-alt1ALT-PU-2016-2031-1170052Fixed
bindp89.9.8-alt49.10.8.P1-alt4ALT-PU-2016-2033-1170059Fixed
bindc10f19.9.8-alt49.16.48-alt0.c10f2.1ALT-PU-2016-2031-1170052Fixed
bindc9f29.9.8-alt49.11.37-alt1ALT-PU-2016-2031-1170052Fixed
bindc79.9.3-alt3.M70C.19.9.9-alt1.M70C.1ALT-PU-2016-2045-1170058Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://kb.isc.org/article/AA-01419/0
  • Vendor Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
  • Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107
  • Third Party Advisory
93188
    https://kb.isc.org/article/AA-01438
      https://kb.isc.org/article/AA-01436
        https://kb.isc.org/article/AA-01435
          GLSA-201610-07
            1036903
              40453
                https://security.netapp.com/advisory/ntap-20160930-0001/
                  FreeBSD-SA-16:28
                    RHSA-2016:2099
                      RHSA-2016:1945
                        RHSA-2016:1944

                            1. Configuration 1

                              cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
                              cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
                              cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

                              Configuration 2

                              cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
                              cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
                              cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*

                              Configuration 3

                              cpe:2.3:a:isc:bind:9.10.0:a1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.2:rc2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.1:p2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.11.0:rc1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:b1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.1:b2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:rc2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.1:rc2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:rc1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.3:p3:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:a2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:p1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.1:b1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:p2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.1:rc1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*
                              End including
                              9.9.9
                              cpe:2.3:a:isc:bind:9.11.0:b3:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.0:b2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.3:p4:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.11.0:b2:*:*:*:*:*:*
                              cpe:2.3:a:isc:bind:9.10.3:b1:*:*:*:*:*:*

                              Configuration 4

                              cpe:2.3:o:hp:hp-ux:11.31:*:*:*:*:*:*:*

                              Configuration 5

                              cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*
                              cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
                          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                          Version: v24.5.0
                          Back to top