Executive Summary

Informations
Name CVE-2016-9778 First vendor Publication 2019-01-16
Vendor Cve Last vendor Modification 2019-10-09

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.9
Base Score 5.9 Environmental Score 5.9
impact SubScore 3.6 Temporal Score 5.9
Exploitabality Sub Score 2.2
 
Attack Vector Network Attack Complexity High
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9778

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-388 Error Handling

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7
Application 1
Application 1

Nessus® Vulnerability Scanner

Date Description
2017-08-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201708-01.nasl - Type : ACT_GATHER_INFO
2017-01-19 Name : The remote name server is affected by multiple denial of service vulnerabilit...
File : bind9_CVE-2016-9131.nasl - Type : ACT_GATHER_INFO
2017-01-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_d4c7e9a9d89311e69b4dd050996490d0.nasl - Type : ACT_GATHER_INFO
2017-01-12 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2017-011-01.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/95388
CONFIRM https://kb.isc.org/article/AA-01442/
https://security.netapp.com/advisory/ntap-20180926-0005/
GENTOO https://security.gentoo.org/glsa/201708-01
SECTRACK http://www.securitytracker.com/id/1037582

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2020-05-23 00:54:01
  • Multiple Updates
2019-10-10 05:19:35
  • Multiple Updates
2019-02-12 00:18:49
  • Multiple Updates
2019-01-17 17:18:50
  • Multiple Updates
2019-01-17 00:19:17
  • First insertion