Main Vulnerability Database SB2016012013

SB2016012013 - Input validation error in bind (Alpine package)

Published: January 20, 2016

Security Bulletin ID SB2016012013

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2015-8704)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=b527cfa00a7793b4db08311ff32263dce31eeae7
https://git.alpinelinux.org/aports/commit/?id=1cff01908c342a676deca5a1d7261020c6241d2d
https://git.alpinelinux.org/aports/commit/?id=efcb126bc36e67ceb010f9ca31daf5427d06efef
https://git.alpinelinux.org/aports/commit/?id=dff85e5b601949d4052c57624e404e5788eec9d0
https://git.alpinelinux.org/aports/commit/?id=a4e3789df52208f238990273e87a14b5556b9f69