7.5
CVSSv3

CVE-2016-8864

Published: 02/11/2016 Updated: 17/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 450
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

named in ISC BIND 9.x prior to 9.9.9-P4, 9.10.x prior to 9.10.4-P4, and 9.11.x prior to 9.11.0-P1 allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

isc bind 9.10.4

isc bind 9.9.9

isc bind

isc bind 9.11.0

netapp data ontap edge -

netapp steelstore cloud integrated storage -

netapp solidfire -

redhat enterprise linux desktop 7.0

redhat enterprise linux server 5.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 6.2

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux workstation 5.0

redhat enterprise linux server aus 6.6

redhat enterprise linux eus 6.7

redhat enterprise linux server aus 6.5

redhat enterprise linux server tus 6.5

redhat enterprise linux server aus 6.4

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux desktop 5.0

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server tus 6.6

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.2

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

debian debian linux 8.0

Vendor Advisories

Bind could be made to crash if it received specially crafted network traffic ...
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 62 Advanced Update Support, Red Hat Enterprise Linux 64 Advanced Update Support, Red Hat Enterprise Linux 65 Advanced Update Support, Red Hat Enterpri ...
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 5 and Red HatEnterprise Linux 6Red Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring Sy ...
Synopsis Important: bind97 security update Type/Severity Security Advisory: Important Topic An update for bind97 is now available for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having a security impact ofImportant A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Important: bind security and bug fix update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice This update als ...
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily affects recursive resolvers For the stable distribution ...
A denial of service flaw was found in the way BIND handled responses containing a DNAME answer A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response ...
Debian Bug report logs - #855520 bind9: CVE-2017-3135: Assertion failure when using DNS64 and RPZ can lead to crash Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 19 Feb 2017 17:15:02 UTC Severity: grave T ...
Debian Bug report logs - #831796 bind9: CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 19 Jul 2016 14:00:06 UTC Severi ...
Debian Bug report logs - #851065 bind9: CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 11 Jan 2017 21:30:0 ...
Debian Bug report logs - #839010 bind9: CVE-2016-2776: Assertion failure in query processing Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Tue, 27 Sep 2016 17:21:02 UTC Se ...
Debian Bug report logs - #842858 bind9: CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 1 Nov 2016 20:0 ...
Debian Bug report logs - #851063 bind9: CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date ...
Debian Bug report logs - #830810 bind9: CVE-2016-6170: Improper restriction of zone size limit Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 11 Jul 2016 19:03:01 UTC Severity: important Tags: fixed-upstre ...
Debian Bug report logs - #851062 bind9: CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 11 Jan 2017 21:27:01 UTC Severi ...
A denial of service flaw was found in the way BIND handled responses containing a DNAME answer A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response ...
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in dbc or resolverc During processing of a recursive response that contains a DNAME record in the answer section, BIND can stop execution after encountering an assertion error in resolverc (error message: "INSI ...

Recent Articles

Monster patch day for Juniper customers
The Register • Richard Chirgwin • 13 Apr 2017

Nine advisories landed today

Clear the diaries, Juniper sysadmins, a van-load of patches landed today. I suggest you join me in getting a coffee and settling in while we go through the list. The security fixes cover six fixes to Junos, one for the company’s EX Series switches, BIND fixes for SRX, vSRX and J-Series units, and multiple fixes for the NorthStar controller. Ready? Let’s go. BIND: Junos OS on SRX, vSRX and J-Series has been upgraded to tick the boxes on five vulnerabilities. All four CVEs (CVE-2016-2776, CVE-...