GoogleOSV:DSA-3319-1

HistoryJul 28, 2015 - 12:00 a.m.

bind9 - security update

2015-07-2800:00:00

Google

osv.dev

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Jonathan Foote discovered that the BIND DNS server does not properly
handle TKEY queries. A remote attacker can take advantage of this flaw
to mount a denial of service via a specially crafted query triggering an
assertion failure and causing BIND to exit.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.

For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u2.

We recommend that you upgrade your bind9 packages.

CPENameOperatorVersion
bind9eq1:9.9.5.dfsg-9
bind9eq1:9.9.5.dfsg-9+deb8u1

CPE	Name	Operator	Version
	bind9	eq	1:9.9.5.dfsg-9
	bind9	eq	1:9.9.5.dfsg-9+deb8u1

References

www.debian.org/security/2015/dsa-3319

nessus

AIX 6.1 TL 8 : bind9 (IV75694)

2015-08-17 00:00:00

Amazon Linux AMI : bind (ALAS-2015-573)

2015-07-29 00:00:00

Oracle Linux 6 / 7 : bind (ELSA-2015-1513)

2015-07-29 00:00:00

archlinux

bind: denial of service

2015-07-29 00:00:00

altlinux

Security fix for the ALT Linux 8 package bind version 9.9.7-alt1

2015-07-28 00:00:00

Security fix for the ALT Linux 7 package bind version 9.9.7-alt1

2015-07-28 00:00:00

Security fix for the ALT Linux 9 package bind version 9.9.7-alt1

2015-07-28 00:00:00

suse

Security update for bind (important)

2015-08-03 12:08:36

Security update for bind (important)

2015-07-30 14:08:45

Security update for bind (important)

2015-07-28 21:08:56

zdt

BIND9 TKEY Query Denial of Service Exploit

2015-08-04 00:00:00

ISC BIND9 TKEY Remote DoS PoC

2015-08-05 00:00:00

BIND9 - TKEY PoC Exploit

2015-08-01 00:00:00

debiancve

CVE-2015-5477

2015-07-29 14:59:00

amazon

Critical: bind

2015-07-28 11:32:00

centos

bind, caching security update

2015-07-29 02:04:03

bind97 security update

2015-07-29 02:03:50

bind security update

2015-07-29 01:43:33

SOL16909 - BIND vulnerability CVE-2015-5477

2015-07-28 00:00:00

K16909 : BIND vulnerability CVE-2015-5477

2015-11-03 00:00:00

metasploit

BIND TKEY Query Denial of Service

2015-08-01 11:01:35

openvas

SUSE: Security Advisory (SUSE-SU-2015:1304-1)

2021-06-09 00:00:00

SUSE: Security Advisory for bind (SUSE-SU-2015:1305-1)

2015-10-16 00:00:00

Slackware: Security Advisory (SSA:2015-209-01)

2022-04-21 00:00:00

slackware

[slackware-security] bind

2015-07-28 19:38:44

checkpoint_advisories

ISC BIND TKEY Queries Assertion Failure (CVE-2015-5477)

2020-12-22 00:00:00

ISC BIND Invalid TKEY Query Denial Of Service (CVE-2015-5477; CVE-2020-8625)

2015-08-01 00:00:00

hackerone

ownCloud: doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

2017-03-31 03:48:28

Nextcloud: ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

2017-06-07 23:28:05

ownCloud: owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

2015-09-15 20:11:07

exploitpack

ISC BIND 9 - TKEY (PoC)

2015-08-01 00:00:00

ISC BIND 9 - TKEY Remote Denial of Service (PoC)

2015-08-05 00:00:00

redhat

(RHSA-2015:1515) Important: bind97 security update

2015-07-28 00:00:00

(RHSA-2015:1514) Important: bind security update

2015-07-28 00:00:00

(RHSA-2015:1513) Important: bind security update

2015-07-28 00:00:00

freebsd

bind -- denial of service vulnerability

2015-07-21 00:00:00

securityvulns

APPLE-SA-2015-08-13-4 OS X Server v4.1.5

2015-08-17 00:00:00

ISC bind named DoS

2015-08-03 00:00:00

FreeBSD Security Advisory FreeBSD-SA-15:17.bind

2015-08-03 00:00:00

ubuntucve

CVE-2015-5477

2015-07-28 00:00:00

cve

CVE-2015-5477

2015-07-29 14:59:00

fedora

[SECURITY] Fedora 22 Update: bind-9.10.2-4.P3.fc22

2015-08-01 02:25:40

[SECURITY] Fedora 22 Update: bind99-9.9.7-6.P2.fc22

2015-08-01 02:27:27

[SECURITY] Fedora 21 Update: bind-9.9.6-10.P1.fc21

2015-08-01 02:26:01

myhack58

A data packet to eliminate a single server of the DNS vulnerability-vulnerability warning-the black bar safety net

2015-08-02 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:06:56

packetstorm

BIND TKEY Query Denial Of Service

2015-07-31 00:00:00

freebsd_advisory

FreeBSD-SA-15:17.bind

2015-07-28 00:00:00

ibm

Security Bulletin: Vulnerability in BIND affects IBM Netezza Host Management (CVE-2015-5477)

2019-10-18 03:10:29

Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2015-5477 and CVE-2015-4620.

2019-12-18 14:26:38

Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:30:13

threatpost

Critical Remotely Exploitable Bug Haunts BIND

2015-07-29 09:09:28

debian

[SECURITY] [DSA 3319-1] bind9 security update

2015-07-28 19:05:08

[SECURITY] [DSA 3319-1] bind9 security update

2015-07-28 19:05:25

[SECURITY] [DLA 285-1] bind9 security update

2015-07-28 19:23:55

prion

Authentication flaw

2015-07-29 14:59:00

osv

bind9 - security update

2015-07-28 00:00:00

oraclelinux

bind security update

2015-07-29 00:00:00

bind security update

2015-07-29 00:00:00

bind97 security update

2015-07-29 00:00:00

aix

Vulnerability in BIND affects AIX,Vulnerability in BIND affects VIOS

2015-08-13 10:35:36

mageia

Updated bind package fixes security vulnerability

2015-08-01 01:46:26

exploitdb

ISC BIND 9 - TKEY (PoC)

2015-08-01 00:00:00

ISC BIND 9 - TKEY Remote Denial of Service (PoC)

2015-08-05 00:00:00

ubuntu

Bind vulnerabilities

2015-07-28 00:00:00

gentoo

BIND: Denial of service

2015-10-18 00:00:00

bind9 - security update

References

Related