{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[dns-operations] 20160706 DNS activities in Japan", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html"}, {"name": "[dns-operations] 20160706 DNS activities in Japan", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html"}, {"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"}, {"name": "1036241", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036241"}, {"name": "[dns-operations] 20160704 DNS activities in Japan", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"}, {"name": "GLSA-201610-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201610-07"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/article/AA-01390"}, {"name": "91611", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91611"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353563"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:22:20.635Z"}, "title": "CVE Program Container", "references": [{"name": "[dns-operations] 20160706 DNS activities in Japan", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html"}, {"name": "[dns-operations] 20160706 DNS activities in Japan", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html"}, {"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"}, {"name": "1036241", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036241"}, {"name": "[dns-operations] 20160704 DNS activities in Japan", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"}, {"name": "GLSA-201610-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201610-07"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/article/AA-01390"}, {"name": "91611", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91611"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353563"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6170", "datePublished": "2016-07-06T14:00:00", "dateReserved": "2016-07-06T00:00:00", "dateUpdated": "2024-08-06T01:22:20.635Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "493B9A51-FA5C-4E94-871F-83AE4ED9EA1D", "versionEndIncluding": "9.9.8", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "667502D2-746A-4FE6-8752-ED19ADA20981", "versionEndIncluding": "9.10.3", "versionStartIncluding": "9.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*", "matchCriteriaId": "2A2CF04B-BF26-43F9-8BF4-CEBB9BE3AE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:beta1:*:*:*:*:*:*", "matchCriteriaId": "81E0A500-84EA-47E2-9767-19D8D08CC344", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:beta2:*:*:*:*:*:*", "matchCriteriaId": "F1E53DC4-53B9-4127-9B8D-96DFFD1E340F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*", "matchCriteriaId": "477AA5E9-2C6F-4CCC-B596-F3DF5AAB13C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*", "matchCriteriaId": "D72B0718-8054-4C8C-8FAF-0DC79C3B4D4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*", "matchCriteriaId": "4F155EC7-B84E-4C05-908A-BFBAF2CE612D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*", "matchCriteriaId": "C6C3D04E-B352-4124-A8A5-68AA90EC95DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*", "matchCriteriaId": "E053C268-5C5F-4ED4-91CF-F8F795185C25", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message."}, {"lang": "es", "value": "ISC BIND hasta la versi\u00f3n 9.9.9-P1, 9.10.x hasta la versi\u00f3n 9.10.4-P1 y 9.11.x hasta la versi\u00f3n 9.11.0b1 permite a servidores DNS primarios provocar una denegaci\u00f3n de servicio (ca\u00edda de servidor DNS secundario) a trav\u00e9s de una respuesta AXFR grande, y posiblemente permite a servidores IXFR provocar una denegaci\u00f3n de servicio (ca\u00edda de cliente IXFR) a trav\u00e9s de una respuesta IXFR grande y permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda de servidor DNS primario) a trav\u00e9s de un mensaje UPDATE grande."}], "id": "CVE-2016-6170", "lastModified": "2020-08-25T20:19:44.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-06T14:59:05.597", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91611"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1036241"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353563"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/article/AA-01390"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/article/AA-01390/169/CVE-2016-6170"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201610-07"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "bind: Improper restriction of zone size limit", "id": "1353563", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353563"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.", "It was found that bind does not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server."], "mitigation": {"lang": "en:us", "value": "This issue can be mitigated by disallowing zone transfers and dynamic updates from potentially malicious sources.\nFor more information, see the \"Workarounds\" section on https://kb.isc.org/article/AA-01390 page."}, "name": "CVE-2016-6170", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "bind97", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2016-07-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6170\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6170"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}