ISC BIND is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
ISC BIND versions 9.0.x through 9.9.9-P1, 9.10.0 through 9.10.4-P1 and 9.11.0a3 through 9.11.0b1 are vulnerable.
Information
SuSE Linux Enterprise Software Development Kit 12 SP1
SuSE Linux Enterprise Server for SAP 12
SuSE Linux Enterprise Server for Raspberry Pi 12-SP2
SuSE Linux Enterprise Server 12-SP2
SuSE Linux Enterprise Server 12-SP1
SuSE Linux Enterprise Server 12-LTSS
SuSE Linux Enterprise Desktop 12-SP2
SuSE Linux Enterprise Desktop 12-SP1
ISC BIND 9.0.1
ISC BIND 9.0
IBM Vios 2.2.3
IBM Vios 2.2.1 4
IBM Vios 2.2
IBM Vios 2.2.4.0
IBM Vios 2.2.3.4
IBM Vios 2.2.3.3
IBM Vios 2.2.3.2
IBM Vios 2.2.3.0
IBM Vios 2.2.2.6
IBM Vios 2.2.2.5
IBM Vios 2.2.2.4
IBM Vios 2.2.2.0
IBM Vios 2.2.1.9
IBM Vios 2.2.1.8
IBM Vios 2.2.1.3
IBM Vios 2.2.1.1
IBM Vios 2.2.1.0
IBM Vios 2.2.0.13
IBM Vios 2.2.0.12
IBM Vios 2.2.0.11
IBM Vios 2.2.0.10
IBM Aix 7.2
IBM AIX 7.1
IBM AIX 6.1
IBM AIX 5.3
HP HP-UX B.11.31
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
References:
- ISC BIND Homepage (ISC)
- Bug 1357803 - (CVE-2016-2775) CVE-2016-2775 bind: Too long query name causes se (Bugzilla)
- CVE-2016-2775: A query name which is too long can cause a segmentation fault in (ISC)
- HPSBUX03664 SSRT110248 rev.1 HP-UX BIND Service running named, Remote Denial of (HP)
- Security Bulletin: Vulnerabilities in BIND impact AIX (CVE-2016-2776 and CV (IBM)