SB2016111109 - Fedora 25 update for bind99 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016111109

SB2016111109 - Fedora 25 update for bind99

Published: November 11, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016111109
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) AXFR/IXFR response processing flaw in BIND (CVE-ID: CVE-2016-6170)

The vulnerability allows a remote attacker to cause the target service to crash.

The vulnerability exists due to resource error in BIND. A remote primary DNS server can cause the target secondary DNS server to crash by sending a specially crafted AXFR response or IXFR response. A remote unauthenticated attacker may be able to send a specially crafted UPDATE message to cause the target server to crash.

Successful exploitation of this vulnerability may result in denial of service.


2) Denial of service (CVE-ID: CVE-2016-8864)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to imptoper input validation. By returning a recursive response containing a specially crafted DNAME answer, a remote attacker can trigger a flaw in 'db.c' or 'resolver.c' and cause the target resolver to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Remediation

Install update from vendor's website.

References