K92991044: lwresd and bind vulnerability CVE-2016-2775

Security Advisory Description ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service daemon crash via a long request that uses the lightweight resolver protocol...

Denial Of Service (DoS)

libbind9.so is vulnerable to denial of service. An attacker is able to trigger an infinite recursion in lwresd and named using a non absolute name for getrrsetbyname that exceeds the maximum allowable length, resulting in a denial of service condition...

Denial Of Service (DoS)

libbind9.so is vulnerable to denial of service. An attacker is able to trigger an infinite recursion in lwresd and named using a non absolute name for getrrsetbyname that exceeds the maximum allowable length, resulting in a denial of service condition...

Moderate: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 7.2 Extended Update Support and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whi...

bind: Too long query name causes segmentation fault in lwresd

It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or...

bind: Too long query name causes segmentation fault in lwresd

It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or...

AIX 6.1 TL 9 : bind (IV89828) (deprecated)

https://vulners.com/cve/CVE-2016-2776 https://vulners.com/cve/CVE-2016-2776 ISC BIND is vulnerable to a denial of service, caused by an assertion failure in buffer.c while a nameserver is building responses to a specifically constructed request. By sending a specially crafted DNS packet, a remote...

AIX 5.3 TL 12 : bind (IV90056) (deprecated)

https://vulners.com/cve/CVE-2016-2776 https://vulners.com/cve/CVE-2016-2776 ISC BIND is vulnerable to a denial of service, caused by an assertion failure in buffer.c while a nameserver is building responses to a specifically constructed request. By sending a specially crafted DNS packet, a remote...

Amazon Linux: Security Advisory (ALAS-2016-745)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-645-1 : bind9 security update

CVE-2016-2775 lwresd crash with long query name Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232. CVE-2016-2776 assertion failure due to unspecified crafted query Fix based on 43139-9-9.patch from ISC. For Debian 7 'Wheezy', these problems have been fixed in version...

Updated bind packages fix security vulnerability

The lwresd component in BIND which is not enabled by default could crash while processing an overlong request name. This could lead to a denial of service CVE-2016-2775. A crafted query could crash the BIND name server daemon, leading to a denial of service. All server roles authoritative,...

MGASA-2016-0332 Updated bind packages fix security vulnerability

The lwresd component in BIND which is not enabled by default could crash while processing an overlong request name. This could lead to a denial of service CVE-2016-2775. A crafted query could crash the BIND name server daemon, leading to a denial of service. All server roles authoritative,...

Debian DSA-3680-1 : bind9 - security update

Two vulnerabilities were reported in BIND, a DNS server. - CVE-2016-2775 The lwresd component in BIND which is not enabled by default could crash while processing an overlong request name. This could lead to a denial of service. - CVE-2016-2776 A crafted query could crash the BIND name server...

ISC BIND lwresd Denial of Service Vulnerability

ISC BIND is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if description...

SOL92991044 - lwresd and bind vulnerability CVE-2016-2775

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

bind -- denial of service vulnerability

ISC reports: A query name which is too long can cause a segmentation fault in lwresd...

OracleVM 3.3 : bind (OVMSA-2014-0084)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 1171973 - Use /dev/urandom when generating rndc.key file 951255 - Remove bogus file from /usr/share/doc, introduced by fix for bug 1092035 - Add support for TLSA resource records...