CVE-2016-6170

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-6170
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.openwall.com/lists/oss-security/2016/07/06/3 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/91611 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036241 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353563 Issue Tracking Patch Third Party Advisory
https://github.com/sischkg/xfer-limit/blob/master/README.md Exploit Patch Third Party Advisory
https://kb.isc.org/article/AA-01390 Vendor Advisory
https://kb.isc.org/article/AA-01390/169/CVE-2016-6170 Vendor Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html Mailing List Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html Mailing List Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201610-07 Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/07/06/3 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/91611 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036241 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353563 Issue Tracking Patch Third Party Advisory
https://github.com/sischkg/xfer-limit/blob/master/README.md Exploit Patch Third Party Advisory
https://kb.isc.org/article/AA-01390 Vendor Advisory
https://kb.isc.org/article/AA-01390/169/CVE-2016-6170 Vendor Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html Mailing List Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html Mailing List Third Party Advisory
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201610-07 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.9:beta1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.9:beta2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
History

21 Nov 2024, 02:55

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2016/07/06/3 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2016/07/06/3 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/91611 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/91611 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1036241 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1036241 - Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=1353563 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1353563 - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/sischkg/xfer-limit/blob/master/README.md - Exploit, Patch, Third Party Advisory () https://github.com/sischkg/xfer-limit/blob/master/README.md - Exploit, Patch, Third Party Advisory
References () https://kb.isc.org/article/AA-01390 - Vendor Advisory () https://kb.isc.org/article/AA-01390 - Vendor Advisory
References () https://kb.isc.org/article/AA-01390/169/CVE-2016-6170 - Vendor Advisory () https://kb.isc.org/article/AA-01390/169/CVE-2016-6170 - Vendor Advisory
References () https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html - Mailing List, Third Party Advisory () https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html - Mailing List, Third Party Advisory
References () https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html - Mailing List, Third Party Advisory () https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html - Mailing List, Third Party Advisory
References () https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html - Mailing List, Third Party Advisory () https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html - Mailing List, Third Party Advisory
References () https://security.gentoo.org/glsa/201610-07 - Third Party Advisory () https://security.gentoo.org/glsa/201610-07 - Third Party Advisory
Information

Published : 2016-07-06 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-6170

Mitre link : CVE-2016-6170

CVE.ORG link : CVE-2016-6170

JSON object : View

Products Affected

redhat

  • enterprise_linux

isc

  • bind
CWE
CWE-20

Improper Input Validation