CVE-2016-2775

Published on: 07/19/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Fedora from Fedoraproject contain the following vulnerability:

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

  • CVE-2016-2775 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

Description | Tags | Link
404 Page not found (inactive link, not archived) | Broken Link | CONFIRM kb.isc.org/article/AA-01436
404 Page not found (inactive link, not archived) | Broken Link | CONFIRM kb.isc.org/article/AA-01438
ISC BIND CVE-2016-2775 Remote Denial of Service Vulnerability | Third Party Advisory, VDB Entry | BID 92037 (cve.report, archive)
BIND Lightweight Resolution Bug in Processing Long Queries Lets Remote Users Cause the Target Service to Crash - SecurityTracker | Third Party Advisory, VDB Entry | SECTRACK 1036360 (www.securitytracker.com)
[SECURITY] Fedora 24 Update: bind99-9.9.9-1.P2.fc24 - package-announce - Fedora Mailing-Lists | Mailing List, Third Party Advisory | FEDORA FEDORA-2016-53f0c65f40 (lists.fedoraproject.org)
CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd | Internet Systems Consortium Knowledge Base | Patch, Vendor Advisory | CONFIRM kb.isc.org/article/AA-01393/74/CVE-2016-2775
Document Display | HPE Support Center | Patch, Vendor Advisory | CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107
[SECURITY] Fedora 23 Update: bind-9.10.4-1.P2.fc23 - package-announce - Fedora Mailing-Lists | Mailing List, Third Party Advisory | FEDORA FEDORA-2016-3fba74e7f5 (lists.fedoraproject.org)
Red Hat Customer Portal | Third Party Advisory | REDHAT RHSA-2017:2533 (access.redhat.com)
Red Hat Customer Portal | Third Party Advisory | REDHAT RHBA-2017:1767 (access.redhat.com)
[SECURITY] Fedora 24 Update: bind-9.10.4-1.P2.fc24 - package-announce - Fedora Mailing-Lists | Mailing List, Third Party Advisory | FEDORA FEDORA-2016-007efacd1c (lists.fedoraproject.org)
BIND: Multiple vulnerabilities (GLSA 201610-07) — Gentoo Security | Third Party Advisory | GENTOO GLSA-201610-07 (security.gentoo.org)
[SECURITY] Fedora 23 Update: bind99-9.9.9-1.P2.fc23 - package-announce - Fedora Mailing-Lists | Mailing List, Third Party Advisory | FEDORA FEDORA-2016-2941b3264e (lists.fedoraproject.org)
Red Hat Customer Portal | Third Party Advisory | REDHAT RHBA-2017:0651 (access.redhat.com)
404 Page not found (inactive link, not archived) | Broken Link | CONFIRM kb.isc.org/article/AA-01435
CVE-2016-2775 ISC BIND Vulnerability in Multiple NetApp Products | NetApp Product Security | Third Party Advisory | CONFIRM security.netapp.com/advisory/ntap-20160722-0002/

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Fedoraproject | Fedora | 23 | All | All | All
Operating System | Fedoraproject | Fedora | 24 | All | All | All
Operating System | Hp | Hp-ux | b.11.31 | All | All | All
Application | Isc | Bind | 9.10.4 | - | All | All
Application | Isc | Bind | 9.10.4 | beta1 | All | All
Application | Isc | Bind | 9.10.4 | beta2 | All | All
Application | Isc | Bind | 9.10.4 | beta3 | All | All
Application | Isc | Bind | 9.10.4 | p1 | All | All
Application | Isc | Bind | 9.11.0 | - | All | All
Application | Isc | Bind | 9.11.0 | alpha1 | All | All
Application | Isc | Bind | 9.11.0 | alpha2 | All | All
Application | Isc | Bind | 9.11.0 | alpha3 | All | All
Application | Isc | Bind | 9.11.0 | beta1 | All | All
Application | Isc | Bind | 9.9.9 | - | All | All
Application | Isc | Bind | 9.9.9 | b1 | All | All
Application | Isc | Bind | 9.9.9 | b2 | All | All
Application | Isc | Bind | 9.9.9 | p1 | All | All
Application | Isc | Bind | 9.9.9 | rc1 | All | All
Application | Isc | Bind | 9.9.9 | s1 | All | All
Application | Isc | Bind | 9.9.9 | s1rc1 | All | All
Application | Isc | Bind | All | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.5 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Eus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All

  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:beta1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:beta2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:beta3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:-:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:s1rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*