CVE-2016-1286
HIGHCVSS 8.6/10EPSS 61.24%
Last modified
CVE-2016-1286 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.. EPSS estimates a 61.24% chance of exploitation in the next 30 days.
Description
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Isc | Bind | >= 9.0.0, < 9.9.8 | — |
| Isc | Bind | >= 9.10.0, < 9.10.3 | — |
| Isc | Bind | 9.9.8 | — |
| Isc | Bind | 9.10.3 | — |
| Suse | Linux Enterprise Debuginfo | 11 | Sp2 |
| Suse | Manager | 2.1 | — |
| Suse | Manager Proxy | 2.1 | — |
| Suse | Openstack Cloud | 5 | — |
| Opensuse | Leap | 42.1 | — |
| Opensuse | Opensuse | 11.4 | — |
| Opensuse | Opensuse | 13.1 | — |
| Opensuse | Opensuse | 13.2 | — |
| Suse | Linux Enterprise Desktop | 11 | Sp4 |
| Suse | Linux Enterprise Desktop | 12 | — |
| Suse | Linux Enterprise Server | 11 | Sp2 |
| Suse | Linux Enterprise Server | 12 | — |
| Suse | Linux Enterprise Software Development Kit | 11 | Sp4 |
| Suse | Linux Enterprise Software Development Kit | 12 | — |
| Fedoraproject | Fedora | 22 | — |
| Fedoraproject | Fedora | 23 | — |
| Fedoraproject | Fedora | 24 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 14.04 | — |
| Canonical | Ubuntu Linux | 15.10 | — |
| Debian | Debian Linux | 7.0 | — |
| Debian | Debian Linux | 8.0 | — |
| Debian | Debian Linux | 9.0 | — |
| Juniper | Junos | 12.1x46 | — |
| Juniper | Junos | 12.1x46-d10 | — |
| Juniper | Junos | 12.1x46-d76 | — |
| Juniper | Junos | 12.3x48 | — |
| Juniper | Junos | 15.1x49 | D10 |
| Juniper | Junos | 17.3 | — |
| Juniper | Junos | 17.4 | — |
| Juniper | Junos | 18.1 | — |
| Juniper | Junos | 18.2 | — |
| Juniper | Junos | 18.3 | — |
| Juniper | Junos | 18.4 | — |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0562.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0601.htmlThird Party Advisory
- http://www.debian.org/security/2016/dsa-3511Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.securitytracker.com/id/1035237Broken Link, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2925-1Third Party Advisory
- https://kb.isc.org/article/AA-01353Vendor Advisory
- https://kb.isc.org/article/AA-01380Release Notes, Vendor Advisory
- https://kb.isc.org/article/AA-01438Broken Link, Vendor Advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascThird Party Advisory
- https://security.gentoo.org/glsa/201610-07Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0562.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2016-0601.htmlThird Party Advisory
- http://www.debian.org/security/2016/dsa-3511Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.securitytracker.com/id/1035237Broken Link, Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2925-1Third Party Advisory
- https://kb.isc.org/article/AA-01353Vendor Advisory
- https://kb.isc.org/article/AA-01380Release Notes, Vendor Advisory
- https://kb.isc.org/article/AA-01438Broken Link, Vendor Advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascThird Party Advisory
- https://security.gentoo.org/glsa/201610-07Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-1286?
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
How severe is CVE-2016-1286?
CVE-2016-1286 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 61.24% probability of exploitation in the next 30 days.
How do I fix CVE-2016-1286?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-1286?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST