ISC BIND 'isselfsigned()' Function Remote Denial of Service Vulnerability

ISC BIND is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Information

Bugtraq ID: 75588
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2015-4620

Remote: Yes
Local: No
Published: Jul 07 2015 12:00AM
Updated: Apr 13 2017 02:05PM
Credit: ISC
Vulnerable: Ubuntu Ubuntu Linux 15.04
Ubuntu Ubuntu Linux 14.10
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
SuSE openSUSE Evergreen 11.4
Slackware Slackware Linux 14.1
Slackware Linux x86_64 -current
Slackware Linux 14.1 x86_64
Slackware Linux 14.0 x86_64
Slackware Linux 14.0
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux -current
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Oracle Enterprise Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Juniper NorthStar Controller Application 2.1.0
ISC BIND 9.7.1-P2
ISC BIND 9.7.1 P1
ISC BIND 9.7.1
IBM Lotus Protector for Mail Security 2.8 0
IBM Lotus Protector for Mail Security 2.8.1.0
IBM i V5R4 7.2
IBM i V5R4 7.1
IBM i V5R4 6.1
IBM i V5R3 7.2
IBM i V5R3 7.1
IBM i V5R3 6.1
IBM i V5R2 7.2
IBM i V5R2 7.1
IBM i V5R2 6.1
IBM i V5R1 7.2
IBM i V5R1 7.1
IBM i V5R1 6.1
IBM i V4R4 7.2
IBM i V4R4 7.1
IBM i V4R4 6.1
IBM i V4R3 7.2
IBM i V4R3 7.1
IBM i V4R3 6.1
IBM i V4R2 7.2
IBM i V4R2 7.1
IBM i V4R2 6.1
IBM i V4R1 7.2
IBM i V4R1 7.1
IBM i V4R1 6.1
IBM i V3R7 7.2
IBM i V3R7 7.1
IBM i V3R7 6.1
HP HP-UX B.11.31
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 7

Not Vulnerable: Juniper NorthStar Controller Application 2.1.0 Service Pack 1

References:

• Bug 1237258 - (CVE-2015-4620) CVE-2015-4620 bind: abort DoS caused by uninitiali (Red Hat Bugzilla)
  
• CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash whe (Michael McNally)
  
• ISC BIND Homepage (ISC)
  
• [security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote De (HP)
  
• 2107-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Appl (juniper)
  
• Security Advisory Important: bind security update (Red Hat)
  
• Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2015 (IBM)
  
• Security Bulletin: ISC BIND DNSSEC Denial of Service (CVE-2015-4620) (IBM)
  

Source: www.securityfocus.com