#VU103 AXFR/IXFR response processing flaw in BIND in ISC BIND - CVE-2016-6170


| Updated: 2021-01-21

Vulnerability identifier: #VU103

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-6170

CWE-ID: CWE-233

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ISC BIND
Server applications / DNS servers

Vendor: ISC

Description

The vulnerability allows a remote attacker to cause the target service to crash.

The vulnerability exists due to resource error in BIND. A remote primary DNS server can cause the target secondary DNS server to crash by sending a specially crafted AXFR response or IXFR response. A remote unauthenticated attacker may be able to send a specially crafted UPDATE message to cause the target server to crash.

Successful exploitation of this vulnerability may result in denial of service.

Mitigation

Cybersecurity Help is currently unaware of any official solution, which resolves this vulnerability.

A third-party unofficial patch is available at: https://github.com/sischkg/xfer-limit.

Vulnerable software versions

ISC BIND: 9.9.9-P1 - 9.10.4-P1

External links
https://kb.isc.org/article/AA-01390

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for bind9
Multiple vulnerabilities in Dell EMC Unisphere Central
OpenSUSE Linux update for bind
SUSE Linux update for bind
SUSE Linux update for bind
Fedora 23 update for bind99
Fedora 24 update for bind99
Fedora 25 update for bind99
Denial of service vulnerability in BIND