[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110204

 
 

909

 
 

85984

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-8704Date: (C)2016-02-11   (M)2018-06-17


apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 6.8
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE_INSTANCE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
SECTRACK-1034739
BID-81329
DSA-3449
FEDORA-2016-1323b9078a
FEDORA-2016-1ab53bf440
FEDORA-2016-f3517b9c4c
FEDORA-2016-feb8d77f36
FreeBSD-SA-16:08
GLSA-201610-07
RHSA-2016:0073
RHSA-2016:0074
SSRT102983
SUSE-SU-2016:0174
SUSE-SU-2016:0180
SUSE-SU-2016:0200
SUSE-SU-2016:0227
USN-2874-1
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://kb.isc.org/article/AA-01335
https://kb.isc.org/article/AA-01380
https://kb.isc.org/article/AA-01438
openSUSE-SU-2016:0197
openSUSE-SU-2016:0199
openSUSE-SU-2016:0204

CPE    102
cpe:/a:isc:bind:9.10.3:p1
cpe:/a:isc:bind:9.10.1
cpe:/a:isc:bind:9.10.3
cpe:/a:isc:bind:9.10.1:p1
...
CWE    1
CWE-20
OVAL    24
oval:org.secpod.oval:def:602341
oval:org.secpod.oval:def:501756
oval:org.secpod.oval:def:501757
oval:org.secpod.oval:def:110069
...

© SecPod Technologies