Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9778

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.

Published

2019-01-16T20:29:00.253

Last Modified

2024-11-21T03:01:44.017

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-388
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application isc bind 9.9.8 Yes
Application isc bind 9.9.8 Yes
Application isc bind 9.9.8 Yes
Application isc bind 9.9.9 Yes
Application isc bind 9.9.9 Yes
Application isc bind 9.11.0 Yes
Application isc bind 9.11.0 Yes
Application netapp data_ontap_edge - Yes
Application netapp solidfire_element_os_management_node - Yes
References