Vulnerability CVE-2014-8680

Vulnerability Name:

CVE-2014-8680 (CCN-99188)

Assigned:

2014-12-08

Published:

2014-12-08

Updated:

2019-07-30

Summary:

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-284
CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2014-8680

Source: GENTOO
Type: Third Party Advisory
GLSA-201502-03

Source: XF
Type: UNKNOWN
isc-bind-cve20148680-dos(99188)

Source: CCN
Type: ISC BIND Security Advisory AA-01217
CVE-2014-8680: Defects in GeoIP features can cause BIND to crash

Source: CONFIRM
Type: Vendor Advisory
https://kb.isc.org/article/AA-01217

Source: CCN
Type: ISC KB AA-AA-01223
BIND 9.10.1-P1 Release Notes

Source: CCN
Type: ISC KB AA-AA-01224
BIND 9.10.1-P1 Release Notes

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20190730-0002/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-8680

Vulnerable Configuration:

Configuration 1:

cpe:/a:isc:bind:9.10.0:*:*:*:*:*:*:*

OR cpe:/a:isc:bind:9.10.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:isc:bind:9.10.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20148680	V	CVE-2014-8680	2023-06-22
oval:org.opensuse.security:def:7449	P	bind-devel-9.16.6-150300.22.27.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7450	P	bind-utils-9.16.38-150400.5.20.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:616	P	Security update for jasper (Moderate) (in QA)	2022-09-19
oval:org.opensuse.security:def:3469	P	davfs2-1.5.2-2.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2877	P	bind-utils-9.16.20-150400.3.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95099	P	bind-9.16.20-150400.3.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94506	P	bind-devel-9.16.6-150300.22.16.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2876	P	bind-devel-9.16.6-150300.22.16.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94507	P	bind-utils-9.16.20-150400.3.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:319	P	tboot-20170711_1.9.8-15.9.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:16	P	bind-devel-9.16.6-20.39 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:41	P	dbus-1-1.12.2-8.3.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:977	P	Security update for lapack (Moderate)	2022-03-21
oval:org.opensuse.security:def:112003	P	bind-9.10.3P4-21.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:945	P	Security update for net-snmp (Important)	2022-01-11
oval:org.opensuse.security:def:1499	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:64619	P	Security update for bind (Important)	2021-11-23
oval:org.opensuse.security:def:70806	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:94198	P	(Moderate)	2021-11-16
oval:org.opensuse.security:def:1553	P	Security update for the Linux Kernel (Important)	2021-11-09
oval:org.opensuse.security:def:105562	P	bind-9.10.3P4-21.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:71406	P	tboot-20170711_1.9.8-8.32 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61408	P	bind-devel-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103218	P	bind-devel-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96528	P	bind-devel-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:63198	P	bind-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:90033	P	bind-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103688	P	bind-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96998	P	bind-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:2109	P	bind-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71293	P	libpainter0-0.9.6-2.17 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71149	P	bind-devel-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89563	P	bind-devel-9.11.2-12.8.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:68053	P	Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP1) (Important)	2021-09-16
oval:org.opensuse.security:def:1031	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:67566	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:69708	P	Security update for go1.15 (Moderate)	2021-08-20
oval:org.opensuse.security:def:47634	P	gstreamer-plugins-base-1.8.3-12.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47553	P	apache2-2.4.23-29.24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47477	P	python-2.7.13-27.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47393	P	libpng12-0-1.2.50-19.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47827	P	memcached-1.4.39-4.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47567	P	binutils-2.31-9.26.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47561	P	autofs-5.0.9-28.3.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47541	P	yast2-users-3.2.11-1.47 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47959	P	automake-1.13.4-6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47688	P	libXvnc1-1.6.0-18.23.72 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47719	P	libicu-doc-52.1-8.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47623	P	gnome-keyring-3.20.0-28.3.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47755	P	libopenssl1_1-1.1.1-1.9 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48051	P	java-1_7_0-openjdk-1.7.0.231-43.27.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47881	P	rtkit-0.11_git201205151338-8.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47790	P	libssh2-1-1.4.3-19.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47966	P	bubblewrap-0.3.3-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47839	P	p7zip-9.20.1-7.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48199	P	libsrtp1-1.5.2-3.2.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48013	P	gd-2.1.0-24.12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46891	P	apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47997	P	dstat-0.7.3-1.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47901	P	tar-1.27.1-15.3.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47498	P	sane-backends-1.0.24-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48105	P	libdmx1-1.1.3-3.51 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47023	P	libgoa-1_0-0-3.20.4-7.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48068	P	libQt5WebKit5-5.6.2-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46976	P	java-1_8_0-openjdk-1.8.0.101-14.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47499	P	sblim-sfcb-1.4.8-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48253	P	p7zip-9.20.1-7.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47115	P	p7zip-9.20.1-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47169	P	unixODBC-2.3.4-6.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47513	P	tar-1.27.1-14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47552	P	apache-commons-httpclient-3.1-4.364 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47263	P	ghostscript-9.15-22.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47301	P	krb5-1.12.5-39.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:2231	P	bind-9.16.6-20.39 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63320	P	bind-9.16.6-20.39 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:100792	P	bind-devel-9.16.6-20.39 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71775	P	bind-devel-9.16.6-20.39 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62034	P	bind-devel-9.16.6-20.39 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100911	P	libgstphotography-1_0-0-1.16.2-7.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:66867	P	Security update for crmsh (Moderate)	2021-07-21
oval:org.opensuse.security:def:1611	P	Security update for qemu (Important)	2021-06-10
oval:org.opensuse.security:def:48678	P	kernel-default-extra-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48551	P	libspice-client-glib-2_0-8-0.31-7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46562	P	python-imaging-1.1.7-21.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48706	P	telepathy-gabble-0.18.1-3.268 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48709	P	ImageMagick-6.8.8.1-8.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48760	P	typelib-1_0-EvinceDocument-3_0-3.10.3-1.213 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48613	P	radvd-1.9.7-2.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46563	P	python-libxml2-2.9.1-6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48780	P	java-1_7_0-openjdk-plugin-1.6.1-2.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46577	P	squidGuard-1.4-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46840	P	ruby-2.1-1.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46698	P	libXRes1-1.0.7-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46841	P	sblim-sfcb-1.4.8-8.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64706	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:46855	P	tar-1.27.1-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70871	P	bind-devel-9.11.2-10.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48413	P	evince-3.20.1-5.66 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48624	P	squid-3.5.21-23.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70919	P	groff-1.22.3-3.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61130	P	bind-devel-9.11.2-10.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48497	P	libgoa-1_0-0-3.20.4-7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48428	P	glib2-lang-2.48.2-10.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48655	P	xorg-x11-server-7.6_1.18.3-57.34 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48482	P	libarchive13-3.1.2-22.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48559	P	libthai-data-0.1.25-4.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48467	P	libXfont1-1.5.1-10.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48726	P	icu-52.1-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70223	P	Security update for nginx (Important)	2021-05-27
oval:org.opensuse.security:def:66775	P	Security update for dtc (Low)	2021-05-13
oval:org.opensuse.security:def:100385	P	(Important)	2021-03-24
oval:org.opensuse.security:def:69603	P	Security update for openldap2 (Important)	2021-03-08
oval:org.opensuse.security:def:2167	P	bind-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71446	P	bind-devel-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61705	P	bind-devel-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49003	P	libFLAC++6-32bit-1.3.0-11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49057	P	telepathy-gabble-0.18.3-5.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63256	P	bind-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2055	P	bind-9.11.2-10.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116609	P	bind-devel-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93672	P	bind-devel-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107051	P	bind-devel-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117135	P	bind-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63144	P	bind-9.11.2-10.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107577	P	bind-9.11.2-12.13.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:66260	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:72925	P	Security update for resource-agents (Important)	2020-12-01
oval:org.opensuse.security:def:49998	P	dovecot23 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64219	P	bind-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73043	P	bind-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73440	P	libnma-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70118	P	libsrtp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64132	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:73558	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67466	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:49886	P	java-10-openjdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49994	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66352	P	bind-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67953	P	python3-bottle on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49940	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50052	P	bind on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20148680000	V	CVE-2014-8680 on Ubuntu 12.04 LTS (precise) - medium.	2014-12-10
oval:com.ubuntu.trusty:def:20148680000	V	CVE-2014-8680 on Ubuntu 14.04 LTS (trusty) - medium.	2014-12-10

BACK