IBM039820E0D2C1C1D744DE0A2568F51EBBA6C224559BB4D6776931B1353E631C76Security Bulletin: Vulnerability in bind affects SmartCloud Entry (CVE-2016-9147)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure.
Vulnerability Details
CVEID: CVE-2016-9147**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120473 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 8,
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 8,
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 23,
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 23
Remediation/Fixes
Product
| VRMF|APAR|Remediation/First Fix
—|—|—|—
SmartCloud Entry| 2.3| None| IBM SmartCloud Entry 2.3.0 Appliance Fixpack 9:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP009&source=SAR
SmartCloud Entry| 2.4| None| IBM SmartCloud Entry 2.4.0 Appliance Fixpack 9:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP009&source=SAR&function=fixId&parent=ibm/Other%20software
SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance Fixpack 24:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP24&source=SAR
SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.1 Appliance Fixpack 24:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP24&source=SAR&function=fixId&parent=ibm/Other%20software
Workarounds and Mitigations
None
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P