ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html | third party advisory mailing list |
| https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html | third party advisory mailing list |
| http://www.openwall.com/lists/oss-security/2016/07/06/3 | third party advisory mailing list |
| http://www.securitytracker.com/id/1036241 | vdb entry third party advisory |
| https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html | third party advisory mailing list |
| https://security.gentoo.org/glsa/201610-07 | third party advisory vendor advisory |
| https://kb.isc.org/article/AA-01390 | vendor advisory |
| http://www.securityfocus.com/bid/91611 | vdb entry third party advisory |
| https://github.com/sischkg/xfer-limit/blob/master/README.md | exploit third party advisory patch |
| https://kb.isc.org/article/AA-01390/169/CVE-2016-6170 | vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1353563 | issue tracking third party advisory patch |