ID CVE-2015-4620
Summary name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
Vulnerable Configurations
  • ISC BIND 9.7.0
    cpe:2.3:a:isc:bind:9.7.0
  • ISC BIND 9.7.0 Beta 1
    cpe:2.3:a:isc:bind:9.7.0:b1
  • ISC BIND 9.7.0 p1
    cpe:2.3:a:isc:bind:9.7.0:p1
  • ISC BIND 9.7.0 p2
    cpe:2.3:a:isc:bind:9.7.0:p2
  • ISC BIND 9.7.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.0:rc1
  • ISC BIND 9.7.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.7.0:rc2
  • ISC BIND 9.7.1
    cpe:2.3:a:isc:bind:9.7.1
  • ISC BIND 9.7.1 p1
    cpe:2.3:a:isc:bind:9.7.1:p1
  • ISC BIND 9.7.1 p2
    cpe:2.3:a:isc:bind:9.7.1:p2
  • ISC BIND 9.7.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.1:rc1
  • ISC BIND 9.7.2
    cpe:2.3:a:isc:bind:9.7.2
  • ISC BIND 9.7.2 P1
    cpe:2.3:a:isc:bind:9.7.2:p1
  • ISC BIND 9.7.2 P2
    cpe:2.3:a:isc:bind:9.7.2:p2
  • ISC BIND 9.7.2 P3
    cpe:2.3:a:isc:bind:9.7.2:p3
  • ISC BIND 9.7.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.2:rc1
  • ISC BIND 9.7.3
    cpe:2.3:a:isc:bind:9.7.3
  • ISC BIND 9.7.3 B1
    cpe:2.3:a:isc:bind:9.7.3:b1
  • ISC BIND 9.7.3 P1
    cpe:2.3:a:isc:bind:9.7.3:p1
  • ISC BIND 9.7.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.3:rc1
  • ISC BIND 9.7.4
    cpe:2.3:a:isc:bind:9.7.4
  • ISC BIND 9.7.4 B1
    cpe:2.3:a:isc:bind:9.7.4:b1
  • ISC BIND 9.7.4P1
    cpe:2.3:a:isc:bind:9.7.4:p1
  • ISC BIND 9.7.4 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.4:rc1
  • ISC BIND 9.7.5
    cpe:2.3:a:isc:bind:9.7.5
  • ISC BIND 9.7.5 B1
    cpe:2.3:a:isc:bind:9.7.5:b1
  • ISC BIND 9.7.5 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.5:rc1
  • ISC BIND 9.7.5 Release Candidate 2
    cpe:2.3:a:isc:bind:9.7.5:rc2
  • ISC BIND 9.7.6
    cpe:2.3:a:isc:bind:9.7.6
  • ISC BIND 9.7.6-p1
    cpe:2.3:a:isc:bind:9.7.6:p1
  • ISC BIND 9.7.6-p2
    cpe:2.3:a:isc:bind:9.7.6:p2
  • ISC BIND 9.7.7
    cpe:2.3:a:isc:bind:9.7.7
  • ISC BIND 9.8.0
    cpe:2.3:a:isc:bind:9.8.0
  • ISC BIND 9.8.0 A1
    cpe:2.3:a:isc:bind:9.8.0:a1
  • ISC BIND 9.8.0 B1
    cpe:2.3:a:isc:bind:9.8.0:b1
  • ISC BIND 9.8.0 P1
    cpe:2.3:a:isc:bind:9.8.0:p1
  • ISC BIND 9.8.0 P2
    cpe:2.3:a:isc:bind:9.8.0:p2
  • ISC BIND 9.8.0-P4
    cpe:2.3:a:isc:bind:9.8.0:p4
  • ISC BIND 9.8.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.0:rc1
  • ISC BIND 9.8.1
    cpe:2.3:a:isc:bind:9.8.1
  • ISC BIND 9.8.1 B1
    cpe:2.3:a:isc:bind:9.8.1:b1
  • ISC BIND 9.8.1 B2
    cpe:2.3:a:isc:bind:9.8.1:b2
  • ISC BIND 9.8.1 B3
    cpe:2.3:a:isc:bind:9.8.1:b3
  • ISC BIND 9.8.1-P1
    cpe:2.3:a:isc:bind:9.8.1:p1
  • ISC BIND 9.8.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.1:rc1
  • ISC BIND 9.8.2 B1
    cpe:2.3:a:isc:bind:9.8.2:b1
  • ISC BIND 9.8.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.2:rc1
  • ISC BIND 9.8.2 Release Candidate 2
    cpe:2.3:a:isc:bind:9.8.2:rc2
  • ISC BIND 9.8.3
    cpe:2.3:a:isc:bind:9.8.3
  • ISC BIND 9.8.3-p1
    cpe:2.3:a:isc:bind:9.8.3:p1
  • ISC BIND 9.8.3-p2
    cpe:2.3:a:isc:bind:9.8.3:p2
  • ISC BIND 9.8.4
    cpe:2.3:a:isc:bind:9.8.4
  • ISC BIND 9.8.5
    cpe:2.3:a:isc:bind:9.8.5
  • ISC BIND 9.8.5 b1
    cpe:2.3:a:isc:bind:9.8.5:b1
  • ISC BIND 9.8.5 b2
    cpe:2.3:a:isc:bind:9.8.5:b2
  • ISC BIND 9.8.5 P1
    cpe:2.3:a:isc:bind:9.8.5:p1
  • ISC BIND 9.8.5 P2
    cpe:2.3:a:isc:bind:9.8.5:p2
  • ISC BIND 9.8.5 release candidate 1
    cpe:2.3:a:isc:bind:9.8.5:rc1
  • ISC BIND 9.8.5 release candidate 2
    cpe:2.3:a:isc:bind:9.8.5:rc2
  • ISC BIND 9.8.6b1
    cpe:2.3:a:isc:bind:9.8.6:b1
  • ISC BIND 9.8.6 release candidate 1
    cpe:2.3:a:isc:bind:9.8.6:rc1
  • ISC BIND 9.8.6 release candidate 2
    cpe:2.3:a:isc:bind:9.8.6:rc2
  • ISC BIND 9.9.0
    cpe:2.3:a:isc:bind:9.9.0
  • ISC BIND 9.9.0a1
    cpe:2.3:a:isc:bind:9.9.0:a1
  • ISC BIND 9.9.0a2
    cpe:2.3:a:isc:bind:9.9.0:a2
  • ISC BIND 9.9.0a3
    cpe:2.3:a:isc:bind:9.9.0:a3
  • ISC BIND 9.9.0b1
    cpe:2.3:a:isc:bind:9.9.0:b1
  • ISC BIND 9.9.0b2
    cpe:2.3:a:isc:bind:9.9.0:b2
  • ISC BIND 9.9.0 release candidate 1
    cpe:2.3:a:isc:bind:9.9.0:rc1
  • ISC BIND 9.9.0 release candidate 2
    cpe:2.3:a:isc:bind:9.9.0:rc2
  • ISC BIND 9.9.0 release candidate 3
    cpe:2.3:a:isc:bind:9.9.0:rc3
  • ISC BIND 9.9.0 release candidate 4
    cpe:2.3:a:isc:bind:9.9.0:rc4
  • ISC BIND 9.9.1
    cpe:2.3:a:isc:bind:9.9.1
  • ISC BIND 9.9.1-p1
    cpe:2.3:a:isc:bind:9.9.1:p1
  • ISC BIND 9.9.1-p2
    cpe:2.3:a:isc:bind:9.9.1:p2
  • ISC BIND 9.9.2
    cpe:2.3:a:isc:bind:9.9.2
  • ISC BIND 9.9.3
    cpe:2.3:a:isc:bind:9.9.3
  • ISC BIND 9.9.3 b1
    cpe:2.3:a:isc:bind:9.9.3:b1
  • ISC BIND 9.9.3 b2
    cpe:2.3:a:isc:bind:9.9.3:b2
  • ISC BIND 9.9.3p1
    cpe:2.3:a:isc:bind:9.9.3:p1
  • ISC BIND 9.9.3p2
    cpe:2.3:a:isc:bind:9.9.3:p2
  • ISC BIND 9.9.3 release candidate 1
    cpe:2.3:a:isc:bind:9.9.3:rc1
  • ISC BIND 9.9.3 release candidate 2
    cpe:2.3:a:isc:bind:9.9.3:rc2
  • ISC BIND 9.9.4b1
    cpe:2.3:a:isc:bind:9.9.4:b1
  • ISC BIND 9.9.5
    cpe:2.3:a:isc:bind:9.9.5
  • ISC BIND 9.9.6
    cpe:2.3:a:isc:bind:9.9.6
  • ISC BIND 9.9.6 p1
    cpe:2.3:a:isc:bind:9.9.6:p1
  • ISC BIND 9.9.7 b1
    cpe:2.3:a:isc:bind:9.9.7:b1
  • ISC BIND 9.9.7 Release Candidate 1
    cpe:2.3:a:isc:bind:9.9.7:rc1
  • ISC BIND 9.9.7 Release Candidate 2
    cpe:2.3:a:isc:bind:9.9.7:rc2
  • ISC BIND 9.10.0
    cpe:2.3:a:isc:bind:9.10.0
  • ISC BIND 9.10.1
    cpe:2.3:a:isc:bind:9.10.1
  • ISC BIND 9.10.1 p1
    cpe:2.3:a:isc:bind:9.10.1:p1
  • ISC BIND 9.10.2 b2
    cpe:2.3:a:isc:bind:9.10.2:b1
  • ISC BIND 9.10.2 P1
    cpe:2.3:a:isc:bind:9.10.2:p1
  • ISC BIND 9.10.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.10.2:rc1
CVSS
Base: 7.8 (as of 28-12-2016 - 09:36)
CWE CWE-17
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1443.NASL
    description From Red Hat Security Advisory 2015:1443 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 84889
    published 2015-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84889
    title Oracle Linux 7 : bind (ELSA-2015-1443)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3304.NASL
    description Breno Silveira Soares of Servico Federal de Processamento de Dados (SERPRO) discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminate with an assertion failure, resulting in a denial of service to clients relying on the resolver.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84599
    published 2015-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84599
    title Debian DSA-3304-1 : bind9 - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-494.NASL
    description bind was updated to fix three security issues. These security issues were fixed : - CVE-2015-1349: named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330). - CVE-2014-8500: ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 did not limit delegation chaining, which allowed remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals (bsc#908994). - CVE-2015-4620: Resolver crash when validating (bsc#936476).
    last seen 2019-02-21
    modified 2015-09-13
    plugin id 84816
    published 2015-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84816
    title openSUSE Security Update : bind (openSUSE-2015-494)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1471.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84954
    published 2015-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84954
    title RHEL 6 : bind (RHSA-2015:1471)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1205-1.NASL
    description bind was updated to fix two security issues : CVE-2015-1349: A problem with trust anchor management could have caused named to crash (bsc#918330). CVE-2015-4620: Fix resolver crash when validating (bsc#936476). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84633
    published 2015-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84633
    title SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:1205-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1204-1.NASL
    description bind was updated to fix two security issues. These security issues were fixed : - CVE-2015-1349: Named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allowed remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use (bsc#918330). - CVE-2015-4620: Fixed resolver crash when validating (bsc#936476). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84632
    published 2015-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84632
    title SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:1204-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2669-1.NASL
    description Breno Silveira Soares discovered that Bind incorrectly handled certain zone data when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84620
    published 2015-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84620
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : bind9 vulnerability (USN-2669-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-270.NASL
    description A vulnerability has been found in the Internet Domain Name Server bind9 : CVE-2015-4620 Breno Silveira Soares of Servico Federal de Processamento de Dados (SERPRO) discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminate with an assertion failure, resulting in a denial of service to clients relying on the resolver. For the squeeze distribution, these issues have been fixed in version 9.7.3.dfsg-1~squeeze15 of bind9. We recommend that you upgrade your bind9 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 84676
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84676
    title Debian DLA-270-1 : bind9 security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99569
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99569
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-188-04.NASL
    description New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2015-09-13
    plugin id 84591
    published 2015-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84591
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2015-188-04)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1443.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84883
    published 2015-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84883
    title CentOS 7 : bind (CESA-2015:1443)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0105.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2015-5477) - Fix (CVE-2015-4620) - Resolves: 1215687 - DNS resolution failure in high load environment with SERVFAIL and 'out of memory/success' in the log - Fix (CVE-2015-1349) - Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476) - Fix race condition when using isc__begin_beginexclusive (#1175321) - Sanitize SDB API to better handle database errors (#1146893) - Fix CVE-2014-8500 (#1171974) - Fix RRL slip behavior when set to 1 (#1112356) - Fix issue causing bind to hang after reload if using DYNDB (#1142152)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 85146
    published 2015-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85146
    title OracleVM 3.3 : bind (OVMSA-2015-0105)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1471.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-02
    plugin id 85028
    published 2015-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85028
    title CentOS 6 : bind (CESA-2015:1471)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150722_BIND_ON_SL6_X.NASL
    description A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85190
    published 2015-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85190
    title Scientific Linux Security Update : bind on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-11484.NASL
    description fix for CVE-2015-4620 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 84905
    published 2015-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84905
    title Fedora 21 : bind-9.9.6-9.P1.fc21 (2015-11484)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-11483.NASL
    description - update to 9.10.2-P2 - fix for CVE-2015-4620 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 84852
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84852
    title Fedora 22 : bind-9.10.2-3.P2.fc22 (2015-11483)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16912.NASL
    description name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 85054
    published 2015-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85054
    title F5 Networks BIG-IP : BIND vulnerability (SOL16912)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201510-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201510-01 (BIND: Denial of Service) A vulnerability has been discovered in BIND’s named utility leading to a Denial of Service condition. Impact : A remote attacker may be able to cause Denial of Service condition via specially constructed zone data. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-12-19
    plugin id 86435
    published 2015-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86435
    title GLSA-201510-01 : BIND: Denial of Service
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1443.NASL
    description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84892
    published 2015-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84892
    title RHEL 7 : bind (RHSA-2015:1443)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-566.NASL
    description A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 84926
    published 2015-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84926
    title Amazon Linux AMI : bind (ALAS-2015-566)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1471.NASL
    description From Red Hat Security Advisory 2015:1471 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85114
    published 2015-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85114
    title Oracle Linux 6 : bind (ELSA-2015-1471)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150720_BIND_ON_SL7_X.NASL
    description A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. (CVE-2015-4620) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 84894
    published 2015-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84894
    title Scientific Linux Security Update : bind on SL7.x x86_64
  • NASL family DNS
    NASL id BIND9_9102_P2.NASL
    description According to its self-reported version number, the remote installation of BIND is potentially affected by a denial of service vulnerability, when configured as a recursive resolver with DNSSEC validation, due to an error that occurs during the validation of specially crafted zone data returned in an answer to a recursive query. A remote attacker can exploit this, by causing a query to be performed against a maliciously constructed zone, to crash the resolver. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 84728
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84728
    title ISC BIND 9.7.x < 9.9.7-P1 / 9.10.x < 9.10.2-P2 Resolver DNSSEC Validation DoS
redhat via4
advisories
  • bugzilla
    id 1237258
    title CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment bind is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443013
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975006
      • AND
        • comment bind-chroot is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443019
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975012
      • AND
        • comment bind-devel is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443017
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975010
      • AND
        • comment bind-libs is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443005
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975016
      • AND
        • comment bind-libs-lite is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443015
        • comment bind-libs-lite is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984041
      • AND
        • comment bind-license is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443023
        • comment bind-license is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984029
      • AND
        • comment bind-lite-devel is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443011
        • comment bind-lite-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984039
      • AND
        • comment bind-sdb is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443007
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975014
      • AND
        • comment bind-sdb-chroot is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443021
        • comment bind-sdb-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984035
      • AND
        • comment bind-utils is earlier than 32:9.9.4-18.el7_1.2
          oval oval:com.redhat.rhsa:tst:20151443009
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975008
    rhsa
    id RHSA-2015:1443
    released 2015-07-20
    severity Important
    title RHSA-2015:1443: bind security update (Important)
  • bugzilla
    id 1237258
    title CVE-2015-4620 bind: abort DoS caused by uninitialized value use in isselfsigned()
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment bind is earlier than 32:9.8.2-0.37.rc1.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151471007
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975006
      • AND
        • comment bind-chroot is earlier than 32:9.8.2-0.37.rc1.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151471005
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975012
      • AND
        • comment bind-devel is earlier than 32:9.8.2-0.37.rc1.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151471011
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975010
      • AND
        • comment bind-libs is earlier than 32:9.8.2-0.37.rc1.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151471013
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975016
      • AND
        • comment bind-sdb is earlier than 32:9.8.2-0.37.rc1.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151471015
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975014
      • AND
        • comment bind-utils is earlier than 32:9.8.2-0.37.rc1.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151471009
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975008
    rhsa
    id RHSA-2015:1471
    released 2015-07-22
    severity Important
    title RHSA-2015:1471: bind security update (Important)
rpms
  • bind-32:9.9.4-18.el7_1.2
  • bind-chroot-32:9.9.4-18.el7_1.2
  • bind-devel-32:9.9.4-18.el7_1.2
  • bind-libs-32:9.9.4-18.el7_1.2
  • bind-libs-lite-32:9.9.4-18.el7_1.2
  • bind-license-32:9.9.4-18.el7_1.2
  • bind-lite-devel-32:9.9.4-18.el7_1.2
  • bind-sdb-32:9.9.4-18.el7_1.2
  • bind-sdb-chroot-32:9.9.4-18.el7_1.2
  • bind-utils-32:9.9.4-18.el7_1.2
  • bind-32:9.8.2-0.37.rc1.el6_7.1
  • bind-chroot-32:9.8.2-0.37.rc1.el6_7.1
  • bind-devel-32:9.8.2-0.37.rc1.el6_7.1
  • bind-libs-32:9.8.2-0.37.rc1.el6_7.1
  • bind-sdb-32:9.8.2-0.37.rc1.el6_7.1
  • bind-utils-32:9.8.2-0.37.rc1.el6_7.1
refmap via4
bid 75588
confirm
debian DSA-3304
fedora
  • FEDORA-2015-11483
  • FEDORA-2015-11484
gentoo GLSA-201510-01
hp
  • HPSBUX03379
  • SSRT101976
sectrack 1032799
suse
  • SUSE-SU-2015:1205
  • openSUSE-SU-2015:1250
  • openSUSE-SU-2015:1326
ubuntu USN-2669-1
Last major update 30-12-2016 - 21:59
Published 08-07-2015 - 10:59
Last modified 30-10-2018 - 12:27