CVE-2016-2776: Input Validation
First published: Wed Sep 28 2016(Updated: )
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Linux | =5.0 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Oracle VM Server | =3.2 | |
| Oracle VM Server | =3.3 | |
| Oracle VM Server | =3.4 | |
| BIND 9 | <=9.9.9 | |
| BIND 9 | =9.10.0 | |
| BIND 9 | =9.10.0-a1 | |
| BIND 9 | =9.10.0-a2 | |
| BIND 9 | =9.10.0-b1 | |
| BIND 9 | =9.10.0-b2 | |
| BIND 9 | =9.10.0-p1 | |
| BIND 9 | =9.10.0-p2 | |
| BIND 9 | =9.10.0-rc1 | |
| BIND 9 | =9.10.0-rc2 | |
| BIND 9 | =9.10.1 | |
| BIND 9 | =9.10.1-b1 | |
| BIND 9 | =9.10.1-b2 | |
| BIND 9 | =9.10.1-p1 | |
| BIND 9 | =9.10.1-p2 | |
| BIND 9 | =9.10.1-rc1 | |
| BIND 9 | =9.10.1-rc2 | |
| BIND 9 | =9.10.2-b1 | |
| BIND 9 | =9.10.2-p1 | |
| BIND 9 | =9.10.2-p2 | |
| BIND 9 | =9.10.2-p3 | |
| BIND 9 | =9.10.2-p4 | |
| BIND 9 | =9.10.2-rc1 | |
| BIND 9 | =9.10.2-rc2 | |
| BIND 9 | =9.10.3 | |
| BIND 9 | =9.10.3-b1 | |
| BIND 9 | =9.10.3-p1 | |
| BIND 9 | =9.10.3-p2 | |
| BIND 9 | =9.10.3-p3 | |
| BIND 9 | =9.10.3-p4 | |
| BIND 9 | =9.10.3-rc1 | |
| BIND 9 | =9.10.4-p2 | |
| BIND 9 | =9.10.4-p3 | |
| BIND 9 | =9.11.0-a1 | |
| BIND 9 | =9.11.0-a2 | |
| BIND 9 | =9.11.0-a3 | |
| BIND 9 | =9.11.0-b1 | |
| BIND 9 | =9.11.0-b2 | |
| BIND 9 | =9.11.0-b3 | |
| BIND 9 | =9.11.0-rc1 | |
| HPE HP-UX | =11.31 | |
| Oracle Solaris SPARC | =10.0 | |
| Oracle Solaris SPARC | =11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-1944.html
- http://rhn.redhat.com/errata/RHSA-2016-1945.html
- http://rhn.redhat.com/errata/RHSA-2016-2099.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.securityfocus.com/bid/93188
- http://www.securitytracker.com/id/1036903
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107
- https://kb.isc.org/article/AA-01419/0
- https://kb.isc.org/article/AA-01435
- https://kb.isc.org/article/AA-01436
- https://kb.isc.org/article/AA-01438
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc
- https://security.gentoo.org/glsa/201610-07
- https://security.netapp.com/advisory/ntap-20160930-0001/
- https://www.exploit-db.com/exploits/40453/
Frequently Asked Questions
What is the severity of CVE-2016-2776?
CVE-2016-2776 is classified as a denial of service vulnerability affecting ISC BIND.
How do I fix CVE-2016-2776?
To fix CVE-2016-2776, upgrade to ISC BIND versions 9.9.9-P3, 9.10.4-P3, or 9.11.0rc3 or later.
What versions of ISC BIND are affected by CVE-2016-2776?
CVE-2016-2776 affects ISC BIND versions before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3.
What can attackers do with CVE-2016-2776?
Attackers can exploit CVE-2016-2776 to create crafted queries that trigger assertion failures, leading to daemon exits and denial of service.
Which operating systems are affected by CVE-2016-2776?
CVE-2016-2776 affects various Oracle Linux and Oracle Solaris versions where ISC BIND is deployed.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/5.0
- version/oracle linux/6
- version/oracle linux/7
- canonical/oracle vm server
- version/oracle vm server/3.2
- version/oracle vm server/3.3
- version/oracle vm server/3.4
- vendor/isc
- canonical/bind 9
- version/bind 9/9.9.9
- version/bind 9/9.10.0
- version/bind 9/9.10.0-a1
- version/bind 9/9.10.0-a2
- version/bind 9/9.10.0-b1
- version/bind 9/9.10.0-b2
- version/bind 9/9.10.0-p1
- version/bind 9/9.10.0-p2
- version/bind 9/9.10.0-rc1
- version/bind 9/9.10.0-rc2
- version/bind 9/9.10.1
- version/bind 9/9.10.1-b1
- version/bind 9/9.10.1-b2
- version/bind 9/9.10.1-p1
- version/bind 9/9.10.1-p2
- version/bind 9/9.10.1-rc1
- version/bind 9/9.10.1-rc2
- version/bind 9/9.10.2-b1
- version/bind 9/9.10.2-p1
- version/bind 9/9.10.2-p2
- version/bind 9/9.10.2-p3
- version/bind 9/9.10.2-p4
- version/bind 9/9.10.2-rc1
- version/bind 9/9.10.2-rc2
- version/bind 9/9.10.3
- version/bind 9/9.10.3-b1
- version/bind 9/9.10.3-p1
- version/bind 9/9.10.3-p2
- version/bind 9/9.10.3-p3
- version/bind 9/9.10.3-p4
- version/bind 9/9.10.3-rc1
- version/bind 9/9.10.4-p2
- version/bind 9/9.10.4-p3
- version/bind 9/9.11.0-a1
- version/bind 9/9.11.0-a2
- version/bind 9/9.11.0-a3
- version/bind 9/9.11.0-b1
- version/bind 9/9.11.0-b2
- version/bind 9/9.11.0-b3
- version/bind 9/9.11.0-rc1
- vendor/hp
- canonical/hpe hp-ux
- version/hpe hp-ux/11.31
- canonical/oracle solaris sparc
- version/oracle solaris sparc/10.0
- version/oracle solaris sparc/11.3