Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv2

CVE-2015-1349

Published: 19/02/2015 Updated: 30/10/2018
CVSS v2 Base Score: 5.4 | Impact Score: 6.9 | Exploitability Score: 4.9
VMScore: 485
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
Subscribe to Bind

Vulnerability Summary

named in ISC BIND 9.7.0 up to and including 9.9.6 prior to 9.9.6-P2 and 9.10.x prior to 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote malicious users to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

Vulnerable Product Search on Vulmon Subscribe to Product

isc bind 9.7.0

isc bind 9.7.2

isc bind 9.7.4

isc bind 9.7.6

isc bind 9.8.0

isc bind 9.8.2

isc bind 9.8.5

isc bind 9.8.6

isc bind 9.9.0

isc bind 9.9.3

isc bind 9.9.6

isc bind 9.9.7

isc bind 9.7.3

isc bind 9.7.5

isc bind 9.8.1

isc bind 9.8.4

isc bind 9.9.5

isc bind 9.7.1

isc bind 9.8.3

isc bind 9.9.1

isc bind 9.9.2

isc bind 9.9.4

isc bind 9.10.2

isc bind 9.7.7

isc bind 9.10.0

isc bind 9.10.1

Vendor Advisories

Debian CVElist Bug Report Logs: bind9: CVE-2015-1349 named crash
Debian Bug report logs - #778733 bind9: CVE-2015-1349 named crash Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Michael Gilbert <mgilbert@debianorg> Date: Thu, 19 Feb 2015 03:48:01 UTC Severity: serious Tags: fixed-upstream, security, upstream Found in v ...
Ubuntu Security Notice: bind9 vulnerability
Bind could be made to crash if it received specially crafted network traffic ...
Debian Security Advisories: DSA-3162-1 bind9 -- security update
Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) ...
Amazon Linux AMI: ALAS-2015-490
A flaw was found in the way BIND handled trust anchor management A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions ...

References

CWE-399https://kb.isc.org/article/AA-01235http://www.ubuntu.com/usn/USN-2503-1http://advisories.mageia.org/MGASA-2015-0082.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:054http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1193820http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0672.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:165https://kc.mcafee.com/corporate/index?page=content&id=SB10116http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.htmlhttp://marc.info/?l=bugtraq&m=143740940810833&w=2https://support.apple.com/HT205219http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.htmlhttps://security.gentoo.org/glsa/201510-01http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.htmlhttps://kb.juniper.net/JSA10783https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778733https://usn.ubuntu.com/2503-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook