CVE-2016-1285
Publication date 9 March 2016
Last updated 25 August 2025
Ubuntu priority
Description
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| bind9 | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Fixed 1:9.9.5.dfsg-3ubuntu0.8
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.8 · Medium
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2925-1
- Bind vulnerabilities
- 9 March 2016