Details of VAR-201611-0348

ID

VAR-201611-0348

CVE

CVE-2016-8864

TITLE

ISC BIND of DNAME Vulnerability in processing response packets containing records

Trust: 0.8

sources: JVNDB: JVNDB-2016-005674

DESCRIPTION

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. ISC BIND Is DNAME There is a problem with the response packet containing the record, db.c Or resolver.c so assertion failture ( Violation of representation ) And the result named May end abnormally. (resolver.c so assertion failure If this happens "INSIST((valoptions & 0x0002U) != 0) failed" , db.c so assertion failure If this happens "REQUIRE(targetp != ((void *)0) && *targetp == ((void *)0)) failed" Is displayed. ) According to the developer, 2016 Year 11 Moon 2 No attacks have been observed as of the day, but queries that cause crashes are mentioned on the public mailing list. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. https://cwe.mitre.org/data/definitions/19.htmlService disruption by a remote third party (DoS) An attack may be carried out. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. ISC BIND versions 9.0.x through 9.8.x, 9.9.0 through 9.9.9-P3, 9.9.3-S1 through 9.9.9-S5, 9.10.0 through 9.10.4-P3 and 9.11.0 are vulnerable. 5 client) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2016:2871-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2871.html Issue date: 2016-12-06 CVE Names: CVE-2016-8864 ===================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. (CVE-2016-8864) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.7): Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7): x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.2): Source: bind-9.7.3-8.P3.el6_2.6.src.rpm x86_64: bind-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.6.i686.rpm bind-libs-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.6.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm x86_64: bind-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.6): Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 6.6): Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm x86_64: bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.7): Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm i386: bind-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.i686.rpm ppc64: bind-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm s390x: bind-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.s390x.rpm x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: bind-9.7.3-8.P3.el6_2.6.src.rpm x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.6.i686.rpm bind-devel-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.5): Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.6): x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 6.6): x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.7): i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.i686.rpm ppc64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-8864 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01434 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYRlsfXlSAg2UNWIIRAmy8AJ9xFyJSMmX2XN+lcWzsNNQT7cfR8QCggVOj KpG5DRbXaKAdrUMg5IeIS+s= =aWJX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3119-1 November 01, 2016 bind9 vulnerability =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Bind could be made to crash if it received specially crafted network traffic. Software Description: - bind9: Internet Domain Name Server Details: Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1 Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.2 Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.10 Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.19 In general, a standard system update will make all the necessary changes. 7.2) - ppc64, ppc64le, s390x, x86_64 3. Bug Fix(es): * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459648) 4. Release Date: 2017-01-27 Last Updated: 2017-01-27 Potential Security Impact: Remote: Denial of Service (DoS) Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS). - HP-UX BIND B.11.31 - BIND 9.9.4 prior to C.9.9.4.9.0 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-8864 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9131 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-9444 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has provided the following software updates to resolve the vulnerability in the HP-UX BIND service running named. * BIND 9.9.4 for HP-UX Release B.11.31 (PA and IA) * Depot: HP_UX_11.31_HPUX-NameServer_C.9.9.4.9.0_HP-UX_B.11.31_IA_PA.depot Note: The depot files can be found here: <https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=BIND> MANUAL ACTIONS: Yes - Update Download and install the software update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HPE and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: <https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA> The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 IA/PA =================== NameService.BIND-AUX NameService.BIND-RUN action: install C.9.9.4.9.0 or subsequent HISTORY Version:1 (rev.1) - 28 January 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Workaround ========== There is no known workaround at this time. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.4_p4" References ========== [ 1 ] CVE-2016-8864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-26 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2016-8864 // JVNDB: JVNDB-2016-005674 // BID: 94067 // VULMON: CVE-2016-8864 // PACKETSTORM: 139496 // PACKETSTORM: 139541 // PACKETSTORM: 140046 // PACKETSTORM: 139461 // PACKETSTORM: 143169 // PACKETSTORM: 140943 // PACKETSTORM: 140436

AFFECTED PRODUCTS

vendor:	isc	model:	bind	scope:	eq	version:	9.11.0	Trust: 1.8
vendor:	isc	model:	bind	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.9.9	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.10.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	data ontap edge	scope:	eq	version:	-	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.4	Trust: 1.0
vendor:	isc	model:	bind	scope:	lt	version:	9.10.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	6.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.10.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	5.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	lt	version:	9.9.9	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.0.1	Trust: 0.9
vendor:	isc	model:	bind	scope:	eq	version:	9.0	Trust: 0.9
vendor:	isc	model:	bind	scope:	lte	version:	9.0.x from 9.8.x	Trust: 0.8
vendor:	isc	model:	bind	scope:	lte	version:	9.10.0 from 9.10.4-p3	Trust: 0.8
vendor:	isc	model:	bind	scope:	lte	version:	9.9.0 from 9.9.9-p3	Trust: 0.8
vendor:	isc	model:	bind	scope:	lte	version:	9.9.3-s1 from 9.9.9-s5	Trust: 0.8
vendor:	isc	model:	bind	scope:	eq	version:	9.2.4	Trust: 0.6
vendor:	isc	model:	bind	scope:	eq	version:	9.0.0	Trust: 0.6
vendor:	juniper	model:	junos 15.1x49-d60	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d60	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d55	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d51	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d50	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d46	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d45	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d37	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d36	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.4.4	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.4.3	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.4.6.0	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.3.9.0	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.3.8.0	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.3.7.0	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.3.6.0	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.3.3	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.3.2.0	Trust: 0.3
vendor:	ibm	model:	netezza host management	scope:	eq	version:	5.3.10.0	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	hp	model:	hp-ux bind b.11.31	scope:	-	version:	-	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.4.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.4.0	Trust: 0.3
vendor:	juniper	model:	junos 15.1x49-d70	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d45	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d65	scope:	ne	version:	-	Trust: 0.3

sources: BID: 94067 // JVNDB: JVNDB-2016-005674 // CNNVD: CNNVD-201610-898 // NVD: CVE-2016-8864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8864
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8864
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201610-898
value:	HIGH
Trust: 0.6
VULMON:	CVE-2016-8864
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8864
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2016-8864
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2016-8864
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2016-8864 // JVNDB: JVNDB-2016-005674 // CNNVD: CNNVD-201610-898 // NVD: CVE-2016-8864

PROBLEMTYPE DATA

problemtype:	CWE-617	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2016-005674 // NVD: CVE-2016-8864

THREAT TYPE

remote

Trust: 1.2

sources: PACKETSTORM: 139496 // PACKETSTORM: 139541 // PACKETSTORM: 140046 // PACKETSTORM: 139461 // PACKETSTORM: 143169 // PACKETSTORM: 140436 // CNNVD: CNNVD-201610-898

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201610-898

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005674

PATCH

title:	CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure	url:	https://kb.isc.org/article/AA-01434	Trust: 0.8
title:	ISC BIND Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65217	Trust: 0.6
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162615 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162141 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162871 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind97 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162142 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171583 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: bind9 vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3119-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3703-1 bind9 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=25170e4c26eb5596b991447b2fe3f73c	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201611-3] bind: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201611-3	Trust: 0.1
title:	Debian Security Advisories: DSA-3795-1 bind9 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e9e51aab92f45f9d888ad1ffc92c4f3d	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2017-3135: Assertion failure when using DNS64 and RPZ can lead to crash	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=81f60d35c70eaa48875e5b7abedb8f93	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-768	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-768	Trust: 0.1
title:	Red Hat: CVE-2016-8864	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-8864	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2016-8864	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2016-6170: Improper restriction of zone size limit	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e02ec149f48761d28abbc8f9e7aa9438	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=242cf61148134d5daf6c6f211f3dc7b2	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=203ff59e2f48888eafac702f965368d2	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=1b1bb9752a4b7727509a33fc1bcf30af	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=da9e0b6af817aa72c070683e0bb02db7	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9d0264b02e692c0714293a515e15b50a	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2016-2776: Assertion failure in query processing	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=fdfc8fe346679f9224f550ec67083216	Trust: 0.1
title:	Forcepoint Security Advisories: CVE-2016-8864 BIND Security Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=4a067339d3ba130473f82866197373b9	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6839c4d3fd328571c675c335d58b5591	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=21c0efa2643d707e2f50a501209eb75c	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=13f3551b67d913fba90df4b2c0dae0bf	Trust: 0.1
title:	check_debsecan	url:	https://github.com/AMD1212/check_debsecan	Trust: 0.1
title:	Vision	url:	https://github.com/CoolerVoid/Vision	Trust: 0.1
title:	Vision2	url:	https://github.com/CoolerVoid/Vision2	Trust: 0.1
title:	bind9	url:	https://github.com/ALTinners/bind9	Trust: 0.1
title:	balabit-os-7-bind9	url:	https://github.com/balabit-deps/balabit-os-7-bind9	Trust: 0.1
title:	os-bind9	url:	https://github.com/pexip/os-bind9	Trust: 0.1
title:	rhsecapi	url:	https://github.com/RedHatOfficial/rhsecapi	Trust: 0.1
title:	cve-pylib	url:	https://github.com/RedHatProductSecurity/cve-pylib	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2017/04/13/monster_patch_day_for_juniper/	Trust: 0.1

sources: VULMON: CVE-2016-8864 // JVNDB: JVNDB-2016-005674 // CNNVD: CNNVD-201610-898

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8864	Trust: 3.5
db:	ISC	id:	AA-01434	Trust: 2.4
db:	BID	id:	94067	Trust: 2.0
db:	ISC	id:	AA-01435	Trust: 1.7
db:	ISC	id:	AA-01437	Trust: 1.7
db:	ISC	id:	AA-01436	Trust: 1.7
db:	ISC	id:	AA-01438	Trust: 1.7
db:	SECTRACK	id:	1037156	Trust: 1.7
db:	JVN	id:	JVNVU92683474	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-005674	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-898	Trust: 0.6
db:	JUNIPER	id:	JSA10785	Trust: 0.3
db:	VULMON	id:	CVE-2016-8864	Trust: 0.1
db:	PACKETSTORM	id:	139496	Trust: 0.1
db:	PACKETSTORM	id:	139541	Trust: 0.1
db:	PACKETSTORM	id:	140046	Trust: 0.1
db:	PACKETSTORM	id:	139461	Trust: 0.1
db:	ISC	id:	AA-01440	Trust: 0.1
db:	ISC	id:	AA-01441	Trust: 0.1
db:	ISC	id:	AA-01466	Trust: 0.1
db:	ISC	id:	AA-01439	Trust: 0.1
db:	PACKETSTORM	id:	143169	Trust: 0.1
db:	PACKETSTORM	id:	140943	Trust: 0.1
db:	PACKETSTORM	id:	140436	Trust: 0.1

sources: VULMON: CVE-2016-8864 // BID: 94067 // JVNDB: JVNDB-2016-005674 // PACKETSTORM: 139496 // PACKETSTORM: 139541 // PACKETSTORM: 140046 // PACKETSTORM: 139461 // PACKETSTORM: 143169 // PACKETSTORM: 140943 // PACKETSTORM: 140436 // CNNVD: CNNVD-201610-898 // NVD: CVE-2016-8864

REFERENCES

url:	https://kb.isc.org/article/aa-01434	Trust: 2.4
url:	http://rhn.redhat.com/errata/rhsa-2016-2871.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2615.html	Trust: 1.8
url:	https://security.gentoo.org/glsa/201701-26	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2017:1583	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2142.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/94067	Trust: 1.7
url:	https://kb.isc.org/article/aa-01438	Trust: 1.7
url:	https://kb.isc.org/article/aa-01437	Trust: 1.7
url:	https://kb.isc.org/article/aa-01436	Trust: 1.7
url:	https://kb.isc.org/article/aa-01435	Trust: 1.7
url:	http://www.debian.org/security/2016/dsa-3703	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05381687	Trust: 1.7
url:	http://www.securitytracker.com/id/1037156	Trust: 1.7
url:	https://security.freebsd.org/advisories/freebsd-sa-16:34.bind.asc	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-2141.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20180926-0005/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8864	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2016/at160044.html	Trust: 0.8
url:	https://www.nic.ad.jp/ja/topics/2016/20161102-01.html	Trust: 0.8
url:	https://jprs.jp/tech/security/2016-11-02-bind9-vuln-dname.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92683474/index.html	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8864	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8864	Trust: 0.7
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05381687	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-8864	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	http://www.isc.org/products/bind/	Trust: 0.3
url:	https://support.f5.com/kb/en-us/solutions/public/k/35/sol35322517.html?sr=59127107	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10785&cat=sirt_1&actp=list	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1024402	Trust: 0.3
url:	http://aix.software.ibm.com/aix/efixes/security/bind_advisory14.asc	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21994505	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9131	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9444	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/617.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2016:2615	Trust: 0.1
url:	https://usn.ubuntu.com/3119-1/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=49560	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.p1-4ubuntu0.19	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.10	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-10.1ubuntu1.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-8ubuntu1.2	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-3119-1	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-9147	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-9444	Trust: 0.1
url:	https://kb.isc.org/article/aa-01441	Trust: 0.1
url:	https://kb.isc.org/article/aa-01439	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-3137	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3137	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9147	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-9131	Trust: 0.1
url:	https://kb.isc.org/article/aa-01440	Trust: 0.1
url:	https://kb.isc.org/article/aa-01466	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.1
url:	https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8864	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

CREDITS

and others, Marco Davids (SIDN Labs),ony Finch (University of Cambridge)

Trust: 0.6

sources: CNNVD: CNNVD-201610-898

SOURCES

db:	VULMON	id:	CVE-2016-8864
db:	BID	id:	94067
db:	JVNDB	id:	JVNDB-2016-005674
db:	PACKETSTORM	id:	139496
db:	PACKETSTORM	id:	139541
db:	PACKETSTORM	id:	140046
db:	PACKETSTORM	id:	139461
db:	PACKETSTORM	id:	143169
db:	PACKETSTORM	id:	140943
db:	PACKETSTORM	id:	140436
db:	CNNVD	id:	CNNVD-201610-898
db:	NVD	id:	CVE-2016-8864

LAST UPDATE DATE

2024-09-18T22:38:40.926000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2016-8864	date:	2020-08-17T00:00:00
db:	BID	id:	94067	date:	2017-05-02T03:10:00
db:	JVNDB	id:	JVNDB-2016-005674	date:	2016-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201610-898	date:	2020-08-18T00:00:00
db:	NVD	id:	CVE-2016-8864	date:	2020-08-17T17:44:23.360

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2016-8864	date:	2016-11-02T00:00:00
db:	BID	id:	94067	date:	2016-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2016-005674	date:	2016-11-02T00:00:00
db:	PACKETSTORM	id:	139496	date:	2016-11-02T20:15:40
db:	PACKETSTORM	id:	139541	date:	2016-11-04T20:10:20
db:	PACKETSTORM	id:	140046	date:	2016-12-06T16:56:18
db:	PACKETSTORM	id:	139461	date:	2016-11-01T22:21:46
db:	PACKETSTORM	id:	143169	date:	2017-06-28T20:19:00
db:	PACKETSTORM	id:	140943	date:	2017-02-06T17:16:00
db:	PACKETSTORM	id:	140436	date:	2017-01-11T18:55:42
db:	CNNVD	id:	CNNVD-201610-898	date:	2016-11-02T00:00:00
db:	NVD	id:	CVE-2016-8864	date:	2016-11-02T17:59:00.187