CVE-2016-6173

Published on: 02/09/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:10 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Nsd from Nlnetlabs contain the following vulnerability:

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

  • CVE-2016-6173 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|---|---|---|---|
| NETWORK | LOW | NONE | NONE | UNCHANGED | NONE | NONE | HIGH |

CVSS2 Score: 7.8 - HIGH

| Access Vector | Access Complexity | Authentication | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|---|---|
| NETWORK | LOW | NONE | NONE | NONE | COMPLETE |

CVE References

| Description | Tags | Link |
|---|---|---|
| [nsd-users] NSD 4.1.11 Release Notes | Vendor Advisory | open.nlnetlabs.nl (text/html): MLIST [nsd-users] 20160809 NSD 4.1.11 |
| | Release Notes, Vendor Advisory | www.nlnetlabs.nl (text/plain): CONFIRM www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES |
| oss-security - Re: Malicious primary DNS servers can crash secondaries | Mailing List, Third Party Advisory | www.openwall.com (text/html): MLIST [oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries |
| [dns-operations] DNS activities in Japan | Third Party Advisory | lists.dns-oarc.net (text/html): MLIST [dns-operations] 20160704 DNS activities in Japan |
| Multiple DNS Servers Remote Denial of Service Vulnerability | Third Party Advisory, VDB Entry | cve.report (archive) (text/html): BID 91678 |
| oss-security - Malicious primary DNS servers can crash secondaries | Mailing List, Third Party Advisory | www.openwall.com (text/html): MLIST [oss-security] 20160706 Malicious primary DNS servers can crash secondaries |
| Bug 790 – A master can kill a NSD slave with infinite zones | Issue Tracking | www.nlnetlabs.nl (text/html): CONFIRM www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 |
| xfer-limit/README.md at master · sischkg/xfer-limit · GitHub | Third Party Advisory | github.com (text/html): MISC github.com/sischkg/xfer-limit/blob/master/README.md |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Nlnetlabs | Nsd | All | All | All | All |
  • cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*: