cvelistv5 - CVE-2016-6173

CVE-2016-6173 (GCVE-0-2016-6173)

Vulnerability from cvelistv5

Published

2017-02-09 15:00

Modified

2024-08-06 01:22

Severity ?

CWE

Summary

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-201702-0037

Vulnerability from variot

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0037",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nsd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nlnetlabs",
        "version": "4.1.10"
      },
      {
        "model": "nsd",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "stichting nlnet",
        "version": "4.1.11"
      },
      {
        "model": "nsd",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nlnetlabs",
        "version": "4.1.10"
      },
      {
        "model": "authoritative server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "powerdns",
        "version": "3.4.7"
      },
      {
        "model": "authoritative server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "powerdns",
        "version": "3.4.6"
      },
      {
        "model": "authoritative server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "powerdns",
        "version": "3.4.5"
      },
      {
        "model": "authoritative server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "powerdns",
        "version": "3.4.4"
      },
      {
        "model": "authoritative server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "powerdns",
        "version": "3.4"
      },
      {
        "model": "nsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nsd",
        "version": "0"
      },
      {
        "model": "dns knot dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "knot",
        "version": "0"
      },
      {
        "model": "authoritative server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "powerdns",
        "version": "4.0.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:nlnet_labs:nsd",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "91678"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6173",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-6173",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-6173",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-6173",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-6173",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-081",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "BID",
        "id": "91678"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6173",
        "trust": 2.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/07/06/3",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/07/06/4",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "91678",
        "trust": 1.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "id": "VAR-201702-0037",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.18333334
  },
  "last_update_date": "2024-11-23T20:05:13.240000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Bug 790",
        "trust": 0.8,
        "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
      },
      {
        "title": "NSD RELEASE NOTES",
        "trust": 0.8,
        "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
      },
      {
        "title": "[nsd-users] NSD 4.1.11",
        "trust": 0.8,
        "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
      },
      {
        "title": "NSD Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62673"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://github.com/sischkg/xfer-limit/blob/master/readme.md"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
      },
      {
        "trust": 1.6,
        "url": "http://www.nlnetlabs.nl/svn/nsd/tags/nsd_4_1_11_rel/doc/relnotes"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
      },
      {
        "trust": 1.6,
        "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
      },
      {
        "trust": 1.6,
        "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-july/015058.html"
      },
      {
        "trust": 1.6,
        "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-august/002342.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/91678"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6173"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6173"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/powerdns/pdns/pull/4133"
      },
      {
        "trust": 0.3,
        "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-july/015073.html"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "91678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-07T00:00:00",
        "db": "BID",
        "id": "91678"
      },
      {
        "date": "2017-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "date": "2016-07-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      },
      {
        "date": "2017-02-09T15:59:01.237000",
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-07T00:00:00",
        "db": "BID",
        "id": "91678"
      },
      {
        "date": "2017-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      },
      {
        "date": "2017-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      },
      {
        "date": "2024-11-21T02:55:36.120000",
        "db": "NVD",
        "id": "CVE-2016-6173"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NSD Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007717"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-081"
      }
    ],
    "trust": 0.6
  }
}

gsd-2016-6173

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

Aliases

CVE-2016-6173

Aliases

CVE-2016-6173

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6173",
    "description": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.",
    "id": "GSD-2016-6173",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-6173.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6173"
      ],
      "details": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.",
      "id": "GSD-2016-6173",
      "modified": "2023-12-13T01:21:23.724901Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-6173",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.openwall.com/lists/oss-security/2016/07/06/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
          },
          {
            "name": "https://github.com/sischkg/xfer-limit/blob/master/README.md",
            "refsource": "MISC",
            "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
          },
          {
            "name": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html",
            "refsource": "MISC",
            "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2016/07/06/4",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
          },
          {
            "name": "http://www.securityfocus.com/bid/91678",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/91678"
          },
          {
            "name": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES",
            "refsource": "MISC",
            "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
          },
          {
            "name": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html",
            "refsource": "MISC",
            "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
          },
          {
            "name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790",
            "refsource": "MISC",
            "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-6173"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
            },
            {
              "name": "[nsd-users] 20160809 NSD 4.1.11",
              "refsource": "MLIST",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
            },
            {
              "name": "[dns-operations] 20160704 DNS activities in Japan",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
            },
            {
              "name": "https://github.com/sischkg/xfer-limit/blob/master/README.md",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
            },
            {
              "name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
            },
            {
              "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
            },
            {
              "name": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
            },
            {
              "name": "91678",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91678"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-02-24T21:14Z",
      "publishedDate": "2017-02-09T15:59Z"
    }
  }
}

opensuse-su-2024:11100-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

nsd-4.3.7-1.2 on GA media

Notes

Title of the patch

nsd-4.3.7-1.2 on GA media

Description of the patch

These are all security issues fixed in the nsd-4.3.7-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11100

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "nsd-4.3.7-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the nsd-4.3.7-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11100",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11100-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2979 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2979/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-6173 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-6173/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13207 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13207/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28935 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28935/"
      }
    ],
    "title": "nsd-4.3.7-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11100-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nsd-4.3.7-1.2.aarch64",
                "product": {
                  "name": "nsd-4.3.7-1.2.aarch64",
                  "product_id": "nsd-4.3.7-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nsd-4.3.7-1.2.ppc64le",
                "product": {
                  "name": "nsd-4.3.7-1.2.ppc64le",
                  "product_id": "nsd-4.3.7-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nsd-4.3.7-1.2.s390x",
                "product": {
                  "name": "nsd-4.3.7-1.2.s390x",
                  "product_id": "nsd-4.3.7-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nsd-4.3.7-1.2.x86_64",
                "product": {
                  "name": "nsd-4.3.7-1.2.x86_64",
                  "product_id": "nsd-4.3.7-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nsd-4.3.7-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64"
        },
        "product_reference": "nsd-4.3.7-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nsd-4.3.7-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le"
        },
        "product_reference": "nsd-4.3.7-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nsd-4.3.7-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x"
        },
        "product_reference": "nsd-4.3.7-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nsd-4.3.7-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
        },
        "product_reference": "nsd-4.3.7-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-2979",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2979"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2979",
          "url": "https://www.suse.com/security/cve/CVE-2012-2979"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 774600 for CVE-2012-2979",
          "url": "https://bugzilla.suse.com/774600"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-2979"
    },
    {
      "cve": "CVE-2016-6173",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-6173"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-6173",
          "url": "https://www.suse.com/security/cve/CVE-2016-6173"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 987873 for CVE-2016-6173",
          "url": "https://bugzilla.suse.com/987873"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-6173"
    },
    {
      "cve": "CVE-2019-13207",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13207"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13207",
          "url": "https://www.suse.com/security/cve/CVE-2019-13207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1182952 for CVE-2019-13207",
          "url": "https://bugzilla.suse.com/1182952"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13207"
    },
    {
      "cve": "CVE-2020-28935",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28935"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
          "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28935",
          "url": "https://www.suse.com/security/cve/CVE-2020-28935"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173619 for CVE-2020-28935",
          "url": "https://bugzilla.suse.com/1173619"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179191 for CVE-2020-28935",
          "url": "https://bugzilla.suse.com/1179191"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.aarch64",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.ppc64le",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.s390x",
            "openSUSE Tumbleweed:nsd-4.3.7-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28935"
    }
  ]
}

ghsa-h7fr-j2jh-7mww

Vulnerability from github

Published

2022-05-17 02:57

Modified

2022-05-17 02:57

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6173"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-09T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.",
  "id": "GHSA-h7fr-j2jh-7mww",
  "modified": "2022-05-17T02:57:52Z",
  "published": "2022-05-17T02:57:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
    },
    {
      "type": "WEB",
      "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
    },
    {
      "type": "WEB",
      "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
    },
    {
      "type": "WEB",
      "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
    },
    {
      "type": "WEB",
      "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91678"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2016-6173

Vulnerability from fkie_nvd

Published

2017-02-09 15:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

References

URL	Tags
secalert@redhat.com	http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES	Release Notes, Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2016/07/06/3	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2016/07/06/4	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/91678	Third Party Advisory, VDB Entry
secalert@redhat.com	https://github.com/sischkg/xfer-limit/blob/master/README.md	Third Party Advisory
secalert@redhat.com	https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html	Third Party Advisory
secalert@redhat.com	https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html	Release Notes, Vendor Advisory
secalert@redhat.com	https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/07/06/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/07/06/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91678	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sischkg/xfer-limit/blob/master/README.md	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790	Issue Tracking

Impacted products

	Vendor	Product	Version
	nlnetlabs	nsd	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F12FB3B-CD6F-40A7-8BC1-336A335E6247",
              "versionEndIncluding": "4.1.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
    },
    {
      "lang": "es",
      "value": "NSD en versiones anteriores a 4.1.11 permite a servidores DNS maestros remotos provocar una denegaci\u00f3n de servicio (/tmp consumo de disco y ca\u00edda del servidor esclavo) a trav\u00e9s de una trasferencia de zona con datos ilimitados.."
    }
  ],
  "id": "CVE-2016-6173",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-09T15:59:01.237",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91678"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91678"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2016-04687

Vulnerability from cnvd

Title

NSD拒绝服务漏洞

Description

NSD是一款高性能的开源名称服务器。 NSD存在拒绝服务漏洞。由于NSD服务器未能限制区域传输数据的大小，允许远程攻击者可利用该漏洞提交特殊请求，进行拒绝服务攻击。

Severity

中

Patch Name

NSD拒绝服务漏洞的补丁

Patch Description

NSD是一款高性能的开源名称服务器。 NSD存在拒绝服务漏洞。由于NSD服务器未能限制区域传输数据的大小，允许远程攻击者可利用该漏洞提交特殊请求，进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.nlnetlabs.nl/

Reference

http://www.openwall.com/lists/oss-security/2016/07/06/4

Impacted products

Name
Nlnetlabs NSD

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "91678"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6173"
    }
  },
  "description": "NSD\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684\u5f00\u6e90\u540d\u79f0\u670d\u52a1\u5668\u3002\r\n\r\nNSD\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u7531\u4e8eNSD\u670d\u52a1\u5668\u672a\u80fd\u9650\u5236\u533a\u57df\u4f20\u8f93\u6570\u636e\u7684\u5927\u5c0f\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.nlnetlabs.nl/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04687",
  "openTime": "2016-07-12",
  "patchDescription": "NSD\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684\u5f00\u6e90\u540d\u79f0\u670d\u52a1\u5668\u3002\r\n\r\nNSD\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u7531\u4e8eNSD\u670d\u52a1\u5668\u672a\u80fd\u9650\u5236\u533a\u57df\u4f20\u8f93\u6570\u636e\u7684\u5927\u5c0f\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NSD\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Nlnetlabs NSD"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2016/07/06/4",
  "serverity": "\u4e2d",
  "submitTime": "2016-07-09",
  "title": "NSD\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-6173 (GCVE-0-2016-6173)

Vulnerability from cvelistv5

var-201702-0037

Vulnerability from variot

gsd-2016-6173

Vulnerability from gsd

opensuse-su-2024:11100-1

Vulnerability from csaf_opensuse

ghsa-h7fr-j2jh-7mww

Vulnerability from github

fkie_cve-2016-6173

Vulnerability from fkie_nvd

cnvd-2016-04687

Vulnerability from cnvd

Tags

Sightings

Nomenclature