exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2015-5722

Status Candidate

Overview

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

Related Files

HP Security Bulletin HPSBHF03539 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03539 1 - Vulnerabilities in OpenSSH and ISC BIND were addressed by HPE VCX. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-5477, CVE-2015-5600, CVE-2015-5722
SHA-256 | 58fee4a06d3f5edda1809be66e0702659884cd9a5e2567b6665e9ab43eea6133
Red Hat Security Advisory 2016-0079-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0079-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-5477, CVE-2015-5722, CVE-2015-8000
SHA-256 | a35918ab39e99762a3b19dc79daedc98eaadd5ba6e3ea93e97f92ef32c18ecf6
Red Hat Security Advisory 2016-0078-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0078-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-8500, CVE-2015-5477, CVE-2015-5722, CVE-2015-8000
SHA-256 | 0ed3af1b476de859391daa5f87e999a2851fe7c925578620450a6d7ababb9e84
HPE Security Bulletin HPSBUX03529 SSRT102967 1
Posted Dec 16, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03529 SSRT102967 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2015-5722, CVE-2015-8000
SHA-256 | 900b6d0f23492bb81c5701d07166014454a7d4d8edd5443ced5edb02fd85edb2
HPE Security Bulletin HPSBUX03522 SSRT102942 1
Posted Nov 20, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03522 SSRT102942 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2015-5722
SHA-256 | 633b86234c3422d4596642a9db25d7bc7a4fba620db6fd90ceb1ab81467cc759
Apple Security Advisory 2015-10-21-8
Posted Oct 21, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-10-21-8 - OS X Server 5.0.15 is now available and addresses BIND and bypass vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2015-5722, CVE-2015-5986, CVE-2015-7031
SHA-256 | 412ab3e71955416d2cd012b8f149b98e2a4f5c4bbbe6020dfd2cfa90f0615729
Gentoo Linux Security Advisory 201510-01
Posted Oct 18, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-1 - A vulnerability in BIND could lead to a Denial of Service condition. Versions less than 9.10.2_p4 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-1349, CVE-2015-4620, CVE-2015-5477, CVE-2015-5722, CVE-2015-5986
SHA-256 | 3e69b06ce087bc759fa9828ea0b0cf459d7968e9aa04df031352b20c2a562035
HPE Security Bulletin HPSBUX03511 SSRT102248 1
Posted Sep 23, 2015
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPSBUX03511 SSRT102248 1 - A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2015-5477, CVE-2015-5722
SHA-256 | f0f4a425f26cfc537edf32966bbe5b3a92ba5abc570439e968df19dcaebde252
Ubuntu Security Notice USN-2728-1
Posted Sep 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2728-1 - Hanno Boeck discovered that Bind incorrectly handled certain malformed keys when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-5722
SHA-256 | 9e9bbd0c17fcb514ece8705a5dfed06161b5de9b92526a55ba59e532db466ae1
Slackware Security Advisory - bind Updates
Posted Sep 3, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-5722, CVE-2015-5986
SHA-256 | 71e9021c7dd146c2fbdff8344b3ed3f5124096ad070583b42adb31fadb00ccda
Debian Security Advisory 3350-1
Posted Sep 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3350-1 - Hanno Boeck discovered that incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2015-5722
SHA-256 | a2ee59fa7b049499a7e64ecff9e271c325fb9143bcb165a3d51166b25c1d8f20
Red Hat Security Advisory 2015-1706-01
Posted Sep 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1706-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query that would cause named functioning as a validating resolver to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-5722
SHA-256 | 0f900569386df1dc61133ad536d7a6be8fb800f54e491aea114bf372975f9225
Red Hat Security Advisory 2015-1705-01
Posted Sep 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1705-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query that would cause named functioning as a validating resolver to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-5722
SHA-256 | e5f6596d38308d8d26b67eedfe979735bd15143a2a88ace16efc1fd0cb6124cf
Red Hat Security Advisory 2015-1707-01
Posted Sep 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1707-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query that would cause named functioning as a validating resolver to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-5722
SHA-256 | 63d1d6e4246dcf1b0ac3622f8df657ee68462300f5c59a8db18a06f95c87c54a
FreeBSD Security Advisory - BIND Denial Of Service
Posted Sep 2, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. A remote attacker can deliberately trigger the failed assertion which will cause an affected server to terminate, by using a query that requires a response from a zone containing a malformed key, resulting in a denial of service condition. Recursive servers are at greatest risk, however, an authoritative server could also be affected, if an attacker controls a zone that the server must query against to perform its zone service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2015-5722
SHA-256 | 19a32d5376ff03333088cddc32b4e99e806201efa92da2f753a45e3f50b0db3c
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close