Denial of Service in ISC BIND 9.x Domains
CVE-2015-8000

Currently unrated

Key Information:

Vendor: Oracle
Status: Linux; Solaris; Vm Server
Vendor: CVE Published:; 16 December 2015

Summary

A vulnerability in ISC BIND versions prior to 9.9.8-P2 and 9.10.3-P2 allows remote attackers to exploit a flaw in the network handling of class attributes. This can lead to a denial of service condition where the daemon may fail due to an assertion failure, resulting in an unexpected termination. Users are advised to update their software to the latest versions to mitigate this issue.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=145680832702035&w=2

vendor-advisoryx_refsource_HP

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-rel...

x_refsource_CONFIRM

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 16, 2015
Vulnerability Reserved
Oct 28, 2015