CVE-2015-5477: Security vulnerability in BIND

Modified on: Thu, 23 Jan, 2020 at 3:43 AM

Operations Automation Operations Automation:5.4 Operations Automation:5.5 Operations Automation:5.x Operations Automation:6.0 Operations Automation:6.x

Information

An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.

Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

Resolution

To check whether the used version of BIND is vulnerable, visit the following pages:

https://rhn.redhat.com/errata/RHSA-2015-1513.html

https://rhn.redhat.com/errata/RHSA-2015-1514.html

https://rhn.redhat.com/errata/RHSA-2015-1515.html

Upgrade BIND package on all OSA-managed name servers to the patched release most closely related to your current version of BIND.

To update BIND package issue the following command:

yum update bind

Internal content

Did you find it helpful? Yes No