Denial of Service in ISC BIND 9.x Domains
CVE-2015-8000

Currently unrated

Key Information:

Vendor

Oracle
Status
Linux
Solaris
Vm Server
Vendor
CVE Published:
16 December 2015

What is CVE-2015-8000?

A vulnerability in ISC BIND versions prior to 9.9.8-P2 and 9.10.3-P2 allows remote attackers to exploit a flaw in the network handling of class attributes. This can lead to a denial of service condition where the daemon may fail due to an assertion failure, resulting in an unexpected termination. Users are advised to update their software to the latest versions to mitigate this issue.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=145680832702035&w=2
vendor-advisoryx_refsource_HP
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-rel...
x_refsource_CONFIRM

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-8000 : Denial of Service in ISC BIND 9.x Domains