Main Vulnerability Database SB2015080404

SB2015080404 - Input validation error in bind (Alpine package)

Published: August 4, 2015

Security Bulletin ID SB2015080404

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2015-4620)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=94177d198b2c373d78e3bfeccefba287cea0899d
https://git.alpinelinux.org/aports/commit/?id=04d850a4688fbc93cc8bee5266eda1a0420639c8
https://git.alpinelinux.org/aports/commit/?id=5a6eb2946c459470eb1ee36aca054c7440dff5f9