Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-2775

Published: 19 July 2016

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

Notes

AuthorNote
mdeslaur
only if lwres is configured (not the default)
lwresd package is in universe

Priority

Medium

Cvss 3 Severity Score

5.9

Score breakdown

Status

Package Release Status
bind9
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(1:9.11.2.P1-1ubuntu3)
cosmic Not vulnerable
(1:9.11.2.P1-1ubuntu3)
disco Not vulnerable
(1:9.11.2.P1-1ubuntu3)
eoan Not vulnerable
(1:9.11.2.P1-1ubuntu3)
focal Not vulnerable
(1:9.11.2.P1-1ubuntu3)
groovy Not vulnerable
(1:9.11.2.P1-1ubuntu3)
hirsute Not vulnerable
(1:9.11.2.P1-1ubuntu3)
impish Not vulnerable
(1:9.11.2.P1-1ubuntu3)
jammy Not vulnerable
(1:9.11.2.P1-1ubuntu3)
kinetic Not vulnerable
(1:9.11.2.P1-1ubuntu3)
precise Ignored
(end of ESM support, was needed)
trusty
Released (1:9.9.5.dfsg-3ubuntu0.19+esm9)
upstream Needs triage

wily Ignored
(reached end-of-life)
xenial
Released (1:9.10.3.dfsg.P4-8ubuntu1.19+esm5)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://gitlab.isc.org/isc-projects/bind9/-/commit/38cc2d14e218e536e0102fa70deef99461354232

Severity score breakdown

Parameter Value
Base score 5.9
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H