cve-2015-5986

Vulnerability from cvelistv5

Published

2015-09-05 01:00

Modified

2024-08-06 07:06

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html
cve@mitre.org	http://www.securityfocus.com/bid/76618
cve@mitre.org	http://www.securitytracker.com/id/1033453
cve@mitre.org	https://kb.isc.org/article/AA-01291	Vendor Advisory
cve@mitre.org	https://kb.isc.org/article/AA-01305
cve@mitre.org	https://kb.isc.org/article/AA-01306
cve@mitre.org	https://kb.isc.org/article/AA-01307
cve@mitre.org	https://kb.isc.org/article/AA-01438
cve@mitre.org	https://kc.mcafee.com/corporate/index?page=content&id=SB10134
cve@mitre.org	https://security.gentoo.org/glsa/201510-01
cve@mitre.org	https://security.netapp.com/advisory/ntap-20190730-0001/
cve@mitre.org	https://support.apple.com/HT205376

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:06:35.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2015-10-21-8",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "name": "FEDORA-2015-14954",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205376"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01291"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01307"
          },
          {
            "name": "GLSA-201510-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-01"
          },
          {
            "name": "1033453",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033453"
          },
          {
            "name": "76618",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76618"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01305"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01306"
          },
          {
            "name": "FEDORA-2015-14958",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-30T17:06:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2015-10-21-8",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "name": "FEDORA-2015-14954",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205376"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01291"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01307"
        },
        {
          "name": "GLSA-201510-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-01"
        },
        {
          "name": "1033453",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033453"
        },
        {
          "name": "76618",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76618"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01305"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01306"
        },
        {
          "name": "FEDORA-2015-14958",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-10-21-8",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "FEDORA-2015-14954",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"
            },
            {
              "name": "https://support.apple.com/HT205376",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205376"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134"
            },
            {
              "name": "https://kb.isc.org/article/AA-01291",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01291"
            },
            {
              "name": "https://kb.isc.org/article/AA-01307",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01307"
            },
            {
              "name": "GLSA-201510-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-01"
            },
            {
              "name": "1033453",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033453"
            },
            {
              "name": "76618",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76618"
            },
            {
              "name": "https://kb.isc.org/article/AA-01305",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01305"
            },
            {
              "name": "https://kb.isc.org/article/AA-01306",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01306"
            },
            {
              "name": "FEDORA-2015-14958",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190730-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5986",
    "datePublished": "2015-09-05T01:00:00",
    "dateReserved": "2015-08-13T00:00:00",
    "dateUpdated": "2024-08-06T07:06:35.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5986\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-09-05T02:59:04.367\",\"lastModified\":\"2016-12-31T02:59:34.110\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.\"},{\"lang\":\"es\",\"value\":\"Openpgpkey_61.c en demonio named en ISC BIND 9.9.7 en versiones anteriores a 9.9.7-P3 y 9.10.x en versiones anteriores a 9.10.2-P4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (error en aserci\u00f3n REQUIRE y salida del demonio) a trav\u00e9s de una respuesta DNS manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.1},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.9.7\",\"matchCriteriaId\":\"E5DB42B0-9CB2-4BFC-A65F-7FD5B02E2A2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.10.2\",\"matchCriteriaId\":\"55E3AFE2-7622-4D11-ADCA-708E9E72BB0D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B9E950F-9312-4352-A7CE-21D09A3456B5\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/76618\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1033453\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.isc.org/article/AA-01291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.isc.org/article/AA-01305\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.isc.org/article/AA-01306\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.isc.org/article/AA-01307\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.isc.org/article/AA-01438\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201510-01\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190730-0001/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT205376\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

gsd-2015-5986

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-5986

Aliases

CVE-2015-5986

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5986",
    "description": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.",
    "id": "GSD-2015-5986",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-5986.html",
      "https://advisories.mageia.org/CVE-2015-5986.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5986"
      ],
      "details": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.",
      "id": "GSD-2015-5986",
      "modified": "2023-12-13T01:20:06.817181Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-5986",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-10-21-8",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"
          },
          {
            "name": "https://kb.isc.org/article/AA-01438",
            "refsource": "CONFIRM",
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "name": "FEDORA-2015-14954",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"
          },
          {
            "name": "https://support.apple.com/HT205376",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205376"
          },
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134"
          },
          {
            "name": "https://kb.isc.org/article/AA-01291",
            "refsource": "CONFIRM",
            "url": "https://kb.isc.org/article/AA-01291"
          },
          {
            "name": "https://kb.isc.org/article/AA-01307",
            "refsource": "CONFIRM",
            "url": "https://kb.isc.org/article/AA-01307"
          },
          {
            "name": "GLSA-201510-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201510-01"
          },
          {
            "name": "1033453",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033453"
          },
          {
            "name": "76618",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76618"
          },
          {
            "name": "https://kb.isc.org/article/AA-01305",
            "refsource": "CONFIRM",
            "url": "https://kb.isc.org/article/AA-01305"
          },
          {
            "name": "https://kb.isc.org/article/AA-01306",
            "refsource": "CONFIRM",
            "url": "https://kb.isc.org/article/AA-01306"
          },
          {
            "name": "FEDORA-2015-14958",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190730-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.10.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5986"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/article/AA-01291",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.isc.org/article/AA-01291"
            },
            {
              "name": "https://support.apple.com/HT205376",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT205376"
            },
            {
              "name": "APPLE-SA-2015-10-21-8",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"
            },
            {
              "name": "76618",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76618"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134"
            },
            {
              "name": "https://kb.isc.org/article/AA-01306",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.isc.org/article/AA-01306"
            },
            {
              "name": "https://kb.isc.org/article/AA-01307",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.isc.org/article/AA-01307"
            },
            {
              "name": "GLSA-201510-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201510-01"
            },
            {
              "name": "https://kb.isc.org/article/AA-01305",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.isc.org/article/AA-01305"
            },
            {
              "name": "1033453",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033453"
            },
            {
              "name": "FEDORA-2015-14958",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"
            },
            {
              "name": "FEDORA-2015-14954",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190730-0001/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-31T02:59Z",
      "publishedDate": "2015-09-05T02:59Z"
    }
  }
}

openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. ISC BIND is a set of open source software that implements the DNS protocol maintained by the Internet Systems Consortium (ISC) company in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2015-10-21-8 OS X Server 5.0.15

OS X Server 5.0.15 is now available and addresses the following:

BIND Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7-P3, one of which may have allowed a remote attacker to cause a denial of service. These issues were addressed by updating BIND to version 9.9.7-P3. CVE-ID CVE-2015-5722 : Hanno Böck from the Fuzzing Project CVE-2015-5986

Web Service Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later Impact: A remote attacker may be able to bypass access restrictions Description: An HTTP header field reference was missing from the configuration files. This issue was addressed by adding the HTTP header field reference to the configuration file. CVE-ID CVE-2015-7031 : an anonymous researcher

Installation note:

OS X Server 5.0.15 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

[slackware-security] bind (SSA:2015-245-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz: Upgraded. This update fixes two denial-of-service vulnerabilities: + CVE-2015-5722 is a denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. Validating recursive resolvers are at the greatest risk from this defect, but it has not been ruled out that it could be exploited against an authoritative-only nameserver under limited conditions. Servers that are not performing validation are not vulnerable. However, ISC does not recommend disabling validation as a workaround to this issue as it exposes the server to other types of attacks. Upgrading to the patched versions is the recommended solution. All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722. Recursive resolvers are at the greatest risk from this defect, but it has not been ruled out that it could be exploited against an authoritative-only nameserver under limited conditions. Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to CVE-2015-5986. For more information, see: https://kb.isc.org/article/AA-01287/0 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722 https://kb.isc.org/article/AA-01291/0 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P3-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P3-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P3-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P3-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P4-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P4-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 package: 627f6c6827eca24776d790166801de25 bind-9.9.7_P3-i486-1_slack13.0.txz

Slackware x86_64 13.0 package: 49082f50322af84efe8d91459599b837 bind-9.9.7_P3-x86_64-1_slack13.0.txz

Slackware 13.1 package: 4dd375df46e84dbecb9f296e2fec692a bind-9.9.7_P3-i486-1_slack13.1.txz

Slackware x86_64 13.1 package: 90b4376b145544d9a63c28dcb891ca47 bind-9.9.7_P3-x86_64-1_slack13.1.txz

Slackware 13.37 package: 181ce9e11eb9d909c5c06b8ddd5bb1b5 bind-9.9.7_P3-i486-1_slack13.37.txz

Slackware x86_64 13.37 package: 368f7a3b977865b0132bdcd129e70813 bind-9.9.7_P3-x86_64-1_slack13.37.txz

Slackware 14.0 package: 3bb80a54fb5d0f76d17ef33cf06a074d bind-9.9.7_P3-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: d77b36e48e2c033ffa9d99816979304f bind-9.9.7_P3-x86_64-1_slack14.0.txz

Slackware 14.1 package: ada9c70208885b4c7904364e040360f9 bind-9.9.7_P3-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: a78fbe27ba2834d2918fa26ce96d5083 bind-9.9.7_P3-x86_64-1_slack14.1.txz

Slackware -current package: 450614c08d5fac56c8d2701394d1af50 n/bind-9.10.2_P4-i586-1.txz

Slackware x86_64 -current package: 32e680d6bce8dac3ad5ba54958f68f95 n/bind-9.10.2_P4-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg bind-9.9.7_P3-i486-1_slack14.1.txz

Then, restart the name server:

/etc/rc.d/rc.bind restart

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:23.bind Security Advisory The FreeBSD Project

Topic: BIND remote denial of service vulnerability

Category: contrib Module: bind Announced: 2015-09-02 Credits: ISC Affects: FreeBSD 9.x Corrected: 2015-09-02 20:06:46 UTC (stable/9, 9.3-STABLE) 2015-09-02 20:07:03 UTC (releng/9.3, 9.3-RELEASE-p25) CVE Name: CVE-2015-5722

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. The libdns library is a library of DNS protocol support functions.

II. Problem Description

Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c.

III.

Recursive servers are at greatest risk, however, an authoritative server could also be affected, if an attacker controls a zone that the server must query against to perform its zone service.

IV. Workaround

No workaround is available, but hosts not running named(8) are not vulnerable.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

The named service has to be restarted after the update. A reboot is recommended but not required.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

The named service has to be restarted after the update. A reboot is recommended but not required.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:23/bind.patch

fetch https://security.FreeBSD.org/patches/SA-15:23/bind.patch.asc

gpg --verify bind.patch.asc

Please note that FreeBSD 9.3-STABLE is also affected by another issue (CVE-2015-5986), and a different patch should be used.

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart the named(8) daemon, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/9/ r287409 releng/9.3/ r287410

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

CVE-2015-5986 is listed here for completeness and affects FreeBSD 9.3-STABLE but not FreeBSD 9.3-RELEASE:

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAEBCgAGBQJV52K9AAoJEO1n7NZdz2rnYQEP/1MY+pxPVMWT86qNKZ8upUpH LadLmtYAERrT9SMBrEFNCgylRdwNabTPKU0ZtxW8I57rks+j4bci053qo9Z7Hyo0 tbK3hTtxJZHNBO1G+NFfQxx9U+R+86Korx3NvDiB78XkJaab5On3dSgIMJYPEIL+ h0NEfYqe+X+LYg3W46faPdIuOsgxWSYN1T6mcZ5B5lucbT+LXjA5sRj+rUcE+a4O 2lIdM1oesWOZrEZo9FjK3UPvBbiEZkspr5IBd0zA825+BZNOpk06SOS/f3N0Pz8u S2vGlxcT37CzC9fPgjQpcNBmB+76xLgz74Inj4uPDSvCz+wmmcr95YOgheZb2N6K Bqakzy9TyRNk1aa8VXb8XpfyfMzroWG/vNjV6trI5wry7U0zRSl4dz+XAoz0A/eO 9ue88iWsVh97HBWKH94K8ZCA49G3NLgkbDkJ3awS4TfIKwwh9bGDiDepu1KMqnC1 EzyRk2fnr9JIreLj5zR1ctL1xGUvBIzWvHeT72PjgdZ/hqDoXTHKSVnDoR0c6T+U bJBJSLi3KUqaMkKRJez84r7G8RKtudLT292l4UQ3qgbiuaXagY6m1W0WBpLvw/zv RQOsG3HPpDrrV/LiSWKybEX2hIqIHd3tssfjQqvMa4WLO3h8wVONjw74YgRzZaYb t/1F4r4UYtfIJ7omydxx =B0u1 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201510-01

                                       https://security.gentoo.org/

Severity: Normal Title: BIND: Denial of Service Date: October 18, 2015 Bugs: #540640, #553584, #556150, #559462 ID: 201510-01

Synopsis

A vulnerability in BIND could lead to a Denial of Service condition.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-dns/bind < 9.10.2_p4 >= 9.10.2_p4

Description

A vulnerability has been discovered in BIND's named utility leading to a Denial of Service condition.

Resolution

All BIND users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.2_p4"

References

[ 1 ] CVE-2015-1349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349 [ 2 ] CVE-2015-4620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620 [ 3 ] CVE-2015-5477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5477 [ 4 ] CVE-2015-5722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5722 [ 5 ] CVE-2015-5986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5986

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201510-01

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0223",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.10.2"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.15"
      },
      {
        "model": "bind",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "9.9.7"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.10.2 to  9.10.2-p3"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "isc",
        "version": "9.9.7 to  9.9.7-p2"
      },
      {
        "model": "macos server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.0.15   (os x el capitan 10.11.1 or later )"
      },
      {
        "model": "macos server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5.0.15   (os x yosemite 10.10.5)"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "bind",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "isc",
        "version": "9.10.2"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.9.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.10.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "76618"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-5986",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-5986",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-83947",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-5986",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201509-058",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-83947",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-5986",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. ISC BIND is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition. ISC BIND is a set of open source software that implements the DNS protocol maintained by the Internet Systems Consortium (ISC) company in the United States. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-10-21-8 OS X Server 5.0.15\n\nOS X Server 5.0.15 is now available and addresses the following:\n\nBIND\nAvailable for:  OS X Yosemite 10.10.5,\nOS X El Capitan 10.11.1 or later\nImpact:  Multiple vulnerabilities in BIND\nDescription:  Multiple vulnerabilities existed in BIND versions prior\nto 9.9.7-P3, one of which may have allowed a remote attacker to cause\na denial of service. These issues were addressed by updating BIND to\nversion 9.9.7-P3. \nCVE-ID\nCVE-2015-5722 : Hanno B\u00f6ck from the Fuzzing Project\nCVE-2015-5986\n\nWeb Service\nAvailable for:  OS X Yosemite 10.10.5,\nOS X El Capitan 10.11.1 or later\nImpact:  A remote attacker may be able to bypass access restrictions\nDescription:  An HTTP header field reference was missing from the\nconfiguration files. This issue was addressed by adding the HTTP\nheader field reference to the configuration file. \nCVE-ID\nCVE-2015-7031 : an anonymous researcher\n\nInstallation note:\n\nOS X Server 5.0.15 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security]  bind (SSA:2015-245-01)\n\nNew bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz:  Upgraded. \n  This update fixes two denial-of-service vulnerabilities:\n  + CVE-2015-5722 is a denial-of-service vector which can be\n  exploited remotely against a BIND server that is performing\n  validation on DNSSEC-signed records.  Validating recursive\n  resolvers are at the greatest risk from this defect, but it has not\n  been ruled out that it could be exploited against an\n  authoritative-only nameserver under limited conditions.  Servers\n  that are not performing validation are not vulnerable.  However,\n  ISC does not recommend disabling validation as a workaround to\n  this issue as it exposes the server to other types of attacks. \n  Upgrading to the patched versions is the recommended solution. \n  All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722.  Recursive resolvers are at the greatest risk\n  from this defect, but it has not been ruled out that it could\n  be exploited against an authoritative-only nameserver under\n  limited conditions. \n  Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to\n  CVE-2015-5986. \n  For more information, see:\n    https://kb.isc.org/article/AA-01287/0\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722\n    https://kb.isc.org/article/AA-01291/0\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P3-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P3-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P3-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P3-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n627f6c6827eca24776d790166801de25  bind-9.9.7_P3-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n49082f50322af84efe8d91459599b837  bind-9.9.7_P3-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4dd375df46e84dbecb9f296e2fec692a  bind-9.9.7_P3-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n90b4376b145544d9a63c28dcb891ca47  bind-9.9.7_P3-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n181ce9e11eb9d909c5c06b8ddd5bb1b5  bind-9.9.7_P3-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n368f7a3b977865b0132bdcd129e70813  bind-9.9.7_P3-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bb80a54fb5d0f76d17ef33cf06a074d  bind-9.9.7_P3-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nd77b36e48e2c033ffa9d99816979304f  bind-9.9.7_P3-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nada9c70208885b4c7904364e040360f9  bind-9.9.7_P3-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\na78fbe27ba2834d2918fa26ce96d5083  bind-9.9.7_P3-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n450614c08d5fac56c8d2701394d1af50  n/bind-9.10.2_P4-i586-1.txz\n\nSlackware x86_64 -current package:\n32e680d6bce8dac3ad5ba54958f68f95  n/bind-9.10.2_P4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg bind-9.9.7_P3-i486-1_slack14.1.txz\n\nThen, restart the name server:\n\n# /etc/rc.d/rc.bind restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:23.bind                                       Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          BIND remote denial of service vulnerability\n\nCategory:       contrib\nModule:         bind\nAnnounced:      2015-09-02\nCredits:        ISC\nAffects:        FreeBSD 9.x\nCorrected:      2015-09-02 20:06:46 UTC (stable/9, 9.3-STABLE)\n                2015-09-02 20:07:03 UTC (releng/9.3, 9.3-RELEASE-p25)\nCVE Name:       CVE-2015-5722\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nBIND 9 is an implementation of the Domain Name System (DNS) protocols. \nThe named(8) daemon is an Internet Domain Name Server.  The libdns\nlibrary is a library of DNS protocol support functions. \n\nII.  Problem Description\n\nParsing a malformed DNSSEC key can cause a validating resolver to exit\ndue to a failed assertion in buffer.c. \n\nIII. \n\nRecursive servers are at greatest risk, however, an authoritative server\ncould also be affected, if an attacker controls a zone that the server\nmust query against to perform its zone service. \n\nIV.  Workaround\n\nNo workaround is available, but hosts not running named(8) are not\nvulnerable. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe named service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe named service has to be restarted after the update.  A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:23/bind.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:23/bind.patch.asc\n# gpg --verify bind.patch.asc\n\nPlease note that FreeBSD 9.3-STABLE is also affected by another issue\n(CVE-2015-5986), and a different patch should be used. \n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the named(8) daemon, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r287409\nreleng/9.3/                                                       r287410\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://kb.isc.org/article/AA-01287\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722\u003e\n\nCVE-2015-5986 is listed here for completeness and affects FreeBSD\n9.3-STABLE but not FreeBSD 9.3-RELEASE:\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:23.bind.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.7 (FreeBSD)\n\niQIcBAEBCgAGBQJV52K9AAoJEO1n7NZdz2rnYQEP/1MY+pxPVMWT86qNKZ8upUpH\nLadLmtYAERrT9SMBrEFNCgylRdwNabTPKU0ZtxW8I57rks+j4bci053qo9Z7Hyo0\ntbK3hTtxJZHNBO1G+NFfQxx9U+R+86Korx3NvDiB78XkJaab5On3dSgIMJYPEIL+\nh0NEfYqe+X+LYg3W46faPdIuOsgxWSYN1T6mcZ5B5lucbT+LXjA5sRj+rUcE+a4O\n2lIdM1oesWOZrEZo9FjK3UPvBbiEZkspr5IBd0zA825+BZNOpk06SOS/f3N0Pz8u\nS2vGlxcT37CzC9fPgjQpcNBmB+76xLgz74Inj4uPDSvCz+wmmcr95YOgheZb2N6K\nBqakzy9TyRNk1aa8VXb8XpfyfMzroWG/vNjV6trI5wry7U0zRSl4dz+XAoz0A/eO\n9ue88iWsVh97HBWKH94K8ZCA49G3NLgkbDkJ3awS4TfIKwwh9bGDiDepu1KMqnC1\nEzyRk2fnr9JIreLj5zR1ctL1xGUvBIzWvHeT72PjgdZ/hqDoXTHKSVnDoR0c6T+U\nbJBJSLi3KUqaMkKRJez84r7G8RKtudLT292l4UQ3qgbiuaXagY6m1W0WBpLvw/zv\nRQOsG3HPpDrrV/LiSWKybEX2hIqIHd3tssfjQqvMa4WLO3h8wVONjw74YgRzZaYb\nt/1F4r4UYtfIJ7omydxx\n=B0u1\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201510-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: BIND: Denial of Service\n     Date: October 18, 2015\n     Bugs: #540640, #553584, #556150, #559462\n       ID: 201510-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in BIND could lead to a Denial of Service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-dns/bind               \u003c 9.10.2_p4              \u003e= 9.10.2_p4 \n\nDescription\n===========\n\nA vulnerability has been discovered in BIND\u0027s named utility leading to\na Denial of Service condition. \n\nResolution\n==========\n\nAll BIND users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-9.10.2_p4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1349\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349\n[ 2 ] CVE-2015-4620\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620\n[ 3 ] CVE-2015-5477\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5477\n[ 4 ] CVE-2015-5722\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5722\n[ 5 ] CVE-2015-5986\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5986\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201510-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "db": "BID",
        "id": "76618"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "db": "PACKETSTORM",
        "id": "134059"
      },
      {
        "db": "PACKETSTORM",
        "id": "133411"
      },
      {
        "db": "PACKETSTORM",
        "id": "133434"
      },
      {
        "db": "PACKETSTORM",
        "id": "134008"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-5986",
        "trust": 3.3
      },
      {
        "db": "ISC",
        "id": "AA-01291",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "76618",
        "trust": 1.5
      },
      {
        "db": "ISC",
        "id": "AA-01306",
        "trust": 1.2
      },
      {
        "db": "ISC",
        "id": "AA-01307",
        "trust": 1.2
      },
      {
        "db": "ISC",
        "id": "AA-01438",
        "trust": 1.2
      },
      {
        "db": "ISC",
        "id": "AA-01305",
        "trust": 1.2
      },
      {
        "db": "MCAFEE",
        "id": "SB10134",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1033453",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU91383623",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92655282",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058",
        "trust": 0.7
      },
      {
        "db": "ISC",
        "id": "AA-01287",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-83947",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5986",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134059",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133411",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133434",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134008",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "db": "BID",
        "id": "76618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "db": "PACKETSTORM",
        "id": "134059"
      },
      {
        "db": "PACKETSTORM",
        "id": "133411"
      },
      {
        "db": "PACKETSTORM",
        "id": "133434"
      },
      {
        "db": "PACKETSTORM",
        "id": "134008"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ]
  },
  "id": "VAR-201509-0223",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83947"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:06:26.475000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-10-21-8 OS X Server 5.0.15",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00009.html"
      },
      {
        "title": "HT205376",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205376"
      },
      {
        "title": "HT205376",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205376"
      },
      {
        "title": "CVE-2015-5986: An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c",
        "trust": 0.8,
        "url": "https://kb.isc.org/article/aa-01291"
      },
      {
        "title": "NV16-011",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv16-011.html"
      },
      {
        "title": "Apple: OS X Server 5.0.15",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e4f689e38c48c81fbfd32d7313793956"
      },
      {
        "title": "stran0s",
        "trust": 0.1,
        "url": "https://github.com/stran0s/stran0s "
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://kb.isc.org/article/aa-01291"
      },
      {
        "trust": 1.3,
        "url": "https://security.gentoo.org/glsa/201510-01"
      },
      {
        "trust": 1.2,
        "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00009.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/76618"
      },
      {
        "trust": 1.2,
        "url": "https://kb.isc.org/article/aa-01305"
      },
      {
        "trust": 1.2,
        "url": "https://kb.isc.org/article/aa-01306"
      },
      {
        "trust": 1.2,
        "url": "https://kb.isc.org/article/aa-01307"
      },
      {
        "trust": 1.2,
        "url": "https://kb.isc.org/article/aa-01438"
      },
      {
        "trust": 1.2,
        "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"
      },
      {
        "trust": 1.2,
        "url": "https://support.apple.com/ht205376"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-september/165810.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-september/167465.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1033453"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10134"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5986"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2015/at150031.html"
      },
      {
        "trust": 0.8,
        "url": "http://jprs.jp/tech/security/2015-09-03-bind9-vuln-openpgpkey.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91383623/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu92655282/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5986"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5722"
      },
      {
        "trust": 0.3,
        "url": "http://www.isc.org/products/bind/"
      },
      {
        "trust": 0.3,
        "url": "https://www.us-cert.gov/ncas/current-activity/2015/09/16/internet-systems-consortium-isc-releases-security-updates-bind"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968076"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2015/q3/483"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5986"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10134"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nmap.org/nsedoc/scripts/vulners.html"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7031"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://kb.isc.org/article/aa-01287/0"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://kb.isc.org/article/aa-01291/0"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5722"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:23/bind.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:23.bind.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://kb.isc.org/article/aa-01287\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5986\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:23/bind.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5722\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4620"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1349"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5986"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5477"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5722"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5477"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1349"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "db": "BID",
        "id": "76618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "db": "PACKETSTORM",
        "id": "134059"
      },
      {
        "db": "PACKETSTORM",
        "id": "133411"
      },
      {
        "db": "PACKETSTORM",
        "id": "133434"
      },
      {
        "db": "PACKETSTORM",
        "id": "134008"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "db": "BID",
        "id": "76618"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "db": "PACKETSTORM",
        "id": "134059"
      },
      {
        "db": "PACKETSTORM",
        "id": "133411"
      },
      {
        "db": "PACKETSTORM",
        "id": "133434"
      },
      {
        "db": "PACKETSTORM",
        "id": "134008"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "date": "2015-09-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "date": "2015-09-02T00:00:00",
        "db": "BID",
        "id": "76618"
      },
      {
        "date": "2015-09-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "date": "2015-10-21T22:22:22",
        "db": "PACKETSTORM",
        "id": "134059"
      },
      {
        "date": "2015-09-03T22:26:39",
        "db": "PACKETSTORM",
        "id": "133411"
      },
      {
        "date": "2015-09-02T19:32:22",
        "db": "PACKETSTORM",
        "id": "133434"
      },
      {
        "date": "2015-10-18T21:06:41",
        "db": "PACKETSTORM",
        "id": "134008"
      },
      {
        "date": "2015-09-05T02:59:04.367000",
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "date": "2015-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83947"
      },
      {
        "date": "2016-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-5986"
      },
      {
        "date": "2016-07-06T14:04:00",
        "db": "BID",
        "id": "76618"
      },
      {
        "date": "2016-06-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      },
      {
        "date": "2016-12-31T02:59:34.110000",
        "db": "NVD",
        "id": "CVE-2015-5986"
      },
      {
        "date": "2015-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "133434"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ISC BIND of  named of  openpgpkey_61.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004611"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201509-058"
      }
    ],
    "trust": 0.6
  }
}

ghsa-q676-ggwg-j7vx

Vulnerability from github

Published

2022-05-17 03:11

Modified

2022-05-17 03:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-09-05T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.",
  "id": "GHSA-q676-ggwg-j7vx",
  "modified": "2022-05-17T03:11:47Z",
  "published": "2022-05-17T03:11:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5986"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/article/AA-01291"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/article/AA-01305"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/article/AA-01306"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/article/AA-01307"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/article/AA-01438"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10134"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201510-01"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190730-0001"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205376"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76618"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033453"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-5986

Vulnerability from cvelistv5

gsd-2015-5986

Vulnerability from gsd

var-201509-0223

Vulnerability from variot

upgradepkg bind-9.9.7_P3-i486-1_slack14.1.txz

/etc/rc.d/rc.bind restart

freebsd-update fetch

freebsd-update install

fetch https://security.FreeBSD.org/patches/SA-15:23/bind.patch

fetch https://security.FreeBSD.org/patches/SA-15:23/bind.patch.asc

gpg --verify bind.patch.asc

cd /usr/src

patch < /path/to/patch

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Synopsis

Affected packages

Description

Resolution

References

Availability

Concerns?

License

ghsa-q676-ggwg-j7vx

Vulnerability from github

Tags

Sightings

Nomenclature