• Article for your preferred language does not exist. Below is international version of the article.

Article ID: 126375, created on Jul 31, 2015, last review on Aug 19, 2015

  • Applies to:
  • Operations Automation 6.0
  • Operations Automation 5.5
  • Operations Automation 5.4

Information

An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.

Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

Resolution

To check whether the used version of BIND is vulnerable, visit the following pages:

https://rhn.redhat.com/errata/RHSA-2015-1513.html

https://rhn.redhat.com/errata/RHSA-2015-1514.html

https://rhn.redhat.com/errata/RHSA-2015-1515.html

Upgrade BIND package on all OSA-managed name servers to the patched release most closely related to your current version of BIND.

To update BIND package issue the following command:

yum update bind

Search Words

CVE-2015-5477

BIND Security Vulnerability

BIND9 Security Vulnerability , permitting denial of service

ac82ce33439a9c1feec4ff4f2f638899 caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e 956c448bddc7e1f3585373687602379f 6f1456866eed87488c0f02b298a741c0 5b048d9bddf8048a00aba7e0bdadef37

Email subscription for changes to this article
Save as PDF