Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105366
Categoría:F5 Local Security Checks
Título:F5 BIG-IP - BIND vulnerability CVE-2015-5477
Resumen:The remote host is missing a security patch.
Descripción:Summary:
The remote host is missing a security patch.

Vulnerability Insight:
An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. (CVE-2015-5477)

Vulnerability Impact:
A remote attacker may be able to cause a denial-of-service (DoS) attack on the BIG-IP system's local instance of BIND by using a specially crafted DNS request in configurations that expose BIND to requests from untrusted users.Note: If the BIND daemon stops responding, services that do not rely on the use of local instances of BIND will continue to function.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5477
BugTraq ID: 76092
http://www.securityfocus.com/bid/76092
Debian Security Information: DSA-3319 (Google Search)
http://www.debian.org/security/2015/dsa-3319
https://www.exploit-db.com/exploits/37721/
https://www.exploit-db.com/exploits/37723/
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html
https://security.gentoo.org/glsa/201510-01
HPdes Security Advisory: HPSBOV03506
http://marc.info/?l=bugtraq&m=144181171013996&w=2
HPdes Security Advisory: HPSBUX03400
http://marc.info/?l=bugtraq&m=144000632319155&w=2
HPdes Security Advisory: HPSBUX03410
http://marc.info/?l=bugtraq&m=144017354030745&w=2
HPdes Security Advisory: HPSBUX03511
http://marc.info/?l=bugtraq&m=144294073801304&w=2
HPdes Security Advisory: SSRT102175
HPdes Security Advisory: SSRT102211
HPdes Security Advisory: SSRT102248
http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html
RedHat Security Advisories: RHSA-2015:1513
http://rhn.redhat.com/errata/RHSA-2015-1513.html
RedHat Security Advisories: RHSA-2015:1514
http://rhn.redhat.com/errata/RHSA-2015-1514.html
RedHat Security Advisories: RHSA-2015:1515
http://rhn.redhat.com/errata/RHSA-2015-1515.html
RedHat Security Advisories: RHSA-2016:0078
http://rhn.redhat.com/errata/RHSA-2016-0078.html
RedHat Security Advisories: RHSA-2016:0079
http://rhn.redhat.com/errata/RHSA-2016-0079.html
http://www.securitytracker.com/id/1033100
SuSE Security Announcement: SUSE-SU-2015:1304 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html
SuSE Security Announcement: SUSE-SU-2015:1305 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html
SuSE Security Announcement: SUSE-SU-2015:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html
SuSE Security Announcement: SUSE-SU-2015:1322 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html
SuSE Security Announcement: SUSE-SU-2016:0227 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
SuSE Security Announcement: openSUSE-SU-2015:1326 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
SuSE Security Announcement: openSUSE-SU-2015:1335 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html
http://www.ubuntu.com/usn/USN-2693-1
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.