CVE-2016-2088: Input Validation
First published: Wed Mar 09 2016(Updated: )
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC BIND | =9.10.0 | |
| ISC BIND | =9.10.0-a1 | |
| ISC BIND | =9.10.0-a2 | |
| ISC BIND | =9.10.0-b1 | |
| ISC BIND | =9.10.0-b2 | |
| ISC BIND | =9.10.0-p1 | |
| ISC BIND | =9.10.0-p2 | |
| ISC BIND | =9.10.0-rc1 | |
| ISC BIND | =9.10.0-rc2 | |
| ISC BIND | =9.10.1 | |
| ISC BIND | =9.10.1-b1 | |
| ISC BIND | =9.10.1-b2 | |
| ISC BIND | =9.10.1-p1 | |
| ISC BIND | =9.10.1-p2 | |
| ISC BIND | =9.10.1-rc1 | |
| ISC BIND | =9.10.1-rc2 | |
| ISC BIND | =9.10.2-b1 | |
| ISC BIND | =9.10.2-p1 | |
| ISC BIND | =9.10.2-p2 | |
| ISC BIND | =9.10.2-p3 | |
| ISC BIND | =9.10.2-p4 | |
| ISC BIND | =9.10.2-rc1 | |
| ISC BIND | =9.10.2-rc2 | |
| ISC BIND | =9.10.3 | |
| ISC BIND | =9.10.3-b1 | |
| ISC BIND | =9.10.3-p1 | |
| ISC BIND | =9.10.3-p2 | |
| ISC BIND | =9.10.3-p3 | |
| ISC BIND | =9.10.3-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
- http://www.securityfocus.com/bid/84290
- http://www.securitytracker.com/id/1035238
- https://kb.isc.org/article/AA-01351
- https://kb.isc.org/article/AA-01380
- https://security.gentoo.org/glsa/201610-07
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/isc
- canonical/isc bind
- version/isc bind/9.10.0
- version/isc bind/9.10.0-a1
- version/isc bind/9.10.0-a2
- version/isc bind/9.10.0-b1
- version/isc bind/9.10.0-b2
- version/isc bind/9.10.0-p1
- version/isc bind/9.10.0-p2
- version/isc bind/9.10.0-rc1
- version/isc bind/9.10.0-rc2
- version/isc bind/9.10.1
- version/isc bind/9.10.1-b1
- version/isc bind/9.10.1-b2
- version/isc bind/9.10.1-p1
- version/isc bind/9.10.1-p2
- version/isc bind/9.10.1-rc1
- version/isc bind/9.10.1-rc2
- version/isc bind/9.10.2-b1
- version/isc bind/9.10.2-p1
- version/isc bind/9.10.2-p2
- version/isc bind/9.10.2-p3
- version/isc bind/9.10.2-p4
- version/isc bind/9.10.2-rc1
- version/isc bind/9.10.2-rc2
- version/isc bind/9.10.3
- version/isc bind/9.10.3-b1
- version/isc bind/9.10.3-p1
- version/isc bind/9.10.3-p2
- version/isc bind/9.10.3-p3
- version/isc bind/9.10.3-rc1