CVE-2016-6170

Published Jul 6, 2016

Last updated 4 years ago

CVSS medium 6.5

Overview

Description: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "493B9A51-FA5C-4E94-871F-83AE4ED9EA1D",
            "versionEndIncluding": "9.9.8",
            "versionStartIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "667502D2-746A-4FE6-8752-ED19ADA20981",
            "versionEndIncluding": "9.10.3",
            "versionStartIncluding": "9.10.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A2CF04B-BF26-43F9-8BF4-CEBB9BE3AE55"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81E0A500-84EA-47E2-9767-19D8D08CC344"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E53DC4-53B9-4127-9B8D-96DFFD1E340F"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "477AA5E9-2C6F-4CCC-B596-F3DF5AAB13C3"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D72B0718-8054-4C8C-8FAF-0DC79C3B4D4D"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F155EC7-B84E-4C05-908A-BFBAF2CE612D"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6C3D04E-B352-4124-A8A5-68AA90EC95DC"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E053C268-5C5F-4ED4-91CF-F8F795185C25"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References