[HUB] CVE-2015-5477: Security vulnerability in BIND

Refers to:

  • Plesk

Created:

2016-11-16 12:52:28 UTC

Modified:

2016-12-21 19:25:37 UTC

0

Was this article helpful?


Have more questions?

Submit a request

[HUB] CVE-2015-5477: Security vulnerability in BIND

Situation

An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.

Impact

Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

To check whether the used version of BIND is vulnerable, visit the following pages:
https://rhn.redhat.com/errata/RHSA-2015-1513.html
https://rhn.redhat.com/errata/RHSA-2015-1514.html
https://rhn.redhat.com/errata/RHSA-2015-1515.html

Operators should take steps to upgrade to a patched version as soon as possible.

More information about CVE-2015-5477 can be found on ISC website

Call to Action

Update BIND package to the latest version.

RedHat/CentOS:

# yum update bind

Debian/Ubuntu:

# apt-get install bind9

OpenSUSE:

# zypper update bind

For H-sphere Bind follow this article:

[H-sphere] CVE-2015-5477 BIND vulnerability

The fixed version of BIND have been released by the OS vendors:

Odin takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

We also strongly encourage you to stay connected to Odin for important product-related information via these methods:

Have more questions? Submit a request
Please sign in to leave a comment.