Executive Summary

Informations
NameCVE-2016-1285First vendor Publication2016-03-09
VendorCveLast vendor Modification2017-11-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application330
Os1
Os1
Os1

Snort® IPS/IDS

DateDescription
2018-03-27ISC BIND malformed data channel authentication message denial of service attempt
RuleID : 45738 - Revision : 1 - Type : SERVER-OTHER
2017-09-06ISC BIND malformed control channel authentication message denial of service a...
RuleID : 43846 - Revision : 2 - Type : SERVER-OTHER
2016-05-27ISC BIND malformed control channel authentication message denial of service a...
RuleID : 38622 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

DateDescription
2017-08-03Name : The remote AIX host has a version of bind installed that is affected by multi...
File : aix_bind_advisory12.nasl - Type : ACT_GATHER_INFO
2017-04-21Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2016-10-12Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201610-07.nasl - Type : ACT_GATHER_INFO
2016-06-22Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0055.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV84456.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV84457.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV84458.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV84459.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV84947.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV84984.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV85296.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV85297.nasl - Type : ACT_GATHER_INFO
2016-06-20Name : The remote AIX host is missing a security patch.
File : aix_IV85298.nasl - Type : ACT_GATHER_INFO
2016-04-07Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0601.nasl - Type : ACT_GATHER_INFO
2016-04-05Name : The remote Fedora host is missing a security update.
File : fedora_2016-161b73fc2c.nasl - Type : ACT_GATHER_INFO
2016-04-05Name : The remote Fedora host is missing a security update.
File : fedora_2016-364c0a9df4.nasl - Type : ACT_GATHER_INFO
2016-04-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0562.nasl - Type : ACT_GATHER_INFO
2016-03-28Name : The remote Fedora host is missing a security update.
File : fedora_2016-75f31fbb0a.nasl - Type : ACT_GATHER_INFO
2016-03-28Name : The remote Fedora host is missing a security update.
File : fedora_2016-dce6dbe6a8.nasl - Type : ACT_GATHER_INFO
2016-03-28Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c9075321f48311e592ce002590263bf5.nasl - Type : ACT_GATHER_INFO
2016-03-23Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-382.nasl - Type : ACT_GATHER_INFO
2016-03-22Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0825-1.nasl - Type : ACT_GATHER_INFO
2016-03-21Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-365.nasl - Type : ACT_GATHER_INFO
2016-03-21Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-368.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote name server is affected by multiple denial of service vulnerabilit...
File : bind9_CVE-2016-1285.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0458.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0459.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0458.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0459.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0036.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0458.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0459.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160316_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2016-03-17Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0780-1.nasl - Type : ACT_GATHER_INFO
2016-03-16Name : The remote Fedora host is missing a security update.
File : fedora_2016-5047abe4a9.nasl - Type : ACT_GATHER_INFO
2016-03-16Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0759-1.nasl - Type : ACT_GATHER_INFO
2016-03-14Name : The remote Fedora host is missing a security update.
File : fedora_2016-b593e84223.nasl - Type : ACT_GATHER_INFO
2016-03-11Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-665.nasl - Type : ACT_GATHER_INFO
2016-03-10Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-069-01.nasl - Type : ACT_GATHER_INFO
2016-03-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3511.nasl - Type : ACT_GATHER_INFO
2016-03-10Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2925-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-286720...
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546....
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01380
https://kb.isc.org/article/AA-01438
DEBIAN http://www.debian.org/security/2016/dsa-3511
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html
FREEBSD https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc
GENTOO https://security.gentoo.org/glsa/201610-07
HP http://marc.info/?l=bugtraq&m=146191105921542&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2016-0562.html
http://rhn.redhat.com/errata/RHSA-2016-0601.html
SECTRACK http://www.securitytracker.com/id/1035236
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
UBUNTU http://www.ubuntu.com/usn/USN-2925-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
DateInformations
2017-11-21 09:22:02
  • Multiple Updates
2017-08-04 13:25:03
  • Multiple Updates
2017-07-01 09:23:19
  • Multiple Updates
2017-04-22 13:25:52
  • Multiple Updates
2016-12-31 09:24:34
  • Multiple Updates
2016-12-03 09:24:38
  • Multiple Updates
2016-12-01 09:24:03
  • Multiple Updates
2016-11-30 09:24:43
  • Multiple Updates
2016-10-15 09:24:46
  • Multiple Updates
2016-10-13 13:25:06
  • Multiple Updates
2016-10-12 09:24:09
  • Multiple Updates
2016-09-09 09:23:20
  • Multiple Updates
2016-08-25 21:27:09
  • Multiple Updates
2016-08-20 09:22:32
  • Multiple Updates
2016-08-18 21:27:43
  • Multiple Updates
2016-08-17 09:23:51
  • Multiple Updates
2016-06-24 21:27:21
  • Multiple Updates
2016-06-23 13:29:28
  • Multiple Updates
2016-06-21 13:28:24
  • Multiple Updates
2016-06-21 09:26:50
  • Multiple Updates
2016-06-17 09:31:57
  • Multiple Updates
2016-04-08 13:24:01
  • Multiple Updates
2016-04-06 13:26:47
  • Multiple Updates
2016-04-04 17:23:54
  • Multiple Updates
2016-04-02 13:26:25
  • Multiple Updates
2016-03-29 13:21:00
  • Multiple Updates
2016-03-24 13:25:50
  • Multiple Updates
2016-03-23 13:26:11
  • Multiple Updates
2016-03-22 13:25:56
  • Multiple Updates
2016-03-18 13:26:06
  • Multiple Updates
2016-03-17 13:23:45
  • Multiple Updates
2016-03-15 13:25:11
  • Multiple Updates
2016-03-12 13:27:24
  • Multiple Updates
2016-03-11 13:26:30
  • Multiple Updates
2016-03-10 05:24:13
  • First insertion