Vulnerability Name:

CVE-2015-5477

Assigned: 2015-07-28
Published: 2015-07-28
Updated: 2017-11-09
Summary: named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
CVSS v3 Severity: 7.5 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-19
CWE-456
CWE-617
References:

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-12335

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-12357

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-12316

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1304

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1305

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1316

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1322

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1326

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:1335

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0227

Source: HP
Type: UNKNOWN
SSRT102211

Source: HP
Type: UNKNOWN
SSRT102175

Source: HP
Type: UNKNOWN
HPSBOV03506

Source: HP
Type: UNKNOWN
SSRT102248

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1513

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1514

Source: REDHAT
Type: UNKNOWN
RHSA-2015:1515

Source: REDHAT
Type: UNKNOWN
RHSA-2016:0078

Source: REDHAT
Type: UNKNOWN
RHSA-2016:0079

Source: DEBIAN
Type: UNKNOWN
DSA-3319

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: BID
Type: UNKNOWN
76092

Source: SECTRACK
Type: UNKNOWN
1033100

Source: UBUNTU
Type: UNKNOWN
USN-2693-1

Source: XF
Type: UNKNOWN
isc-bind-cve20155477-dos(105120)

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415

Source: CONFIRM
Type: UNKNOWN
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918

Source: CONFIRM
Type: VENDOR_ADVISORY
https://kb.isc.org/article/AA-01272

Source: CONFIRM
Type: UNKNOWN
https://kb.isc.org/article/AA-01305

Source: CONFIRM
Type: UNKNOWN
https://kb.isc.org/article/AA-01306

Source: CONFIRM
Type: UNKNOWN
https://kb.isc.org/article/AA-01307

Source: CONFIRM
Type: UNKNOWN
https://kb.isc.org/article/AA-01438

Source: CONFIRM
Type: UNKNOWN
https://kb.juniper.net/JSA10783

Source: CONFIRM
Type: UNKNOWN
https://kc.mcafee.com/corporate/index?page=content&id=SB10126

Source: GENTOO
Type: UNKNOWN
GLSA-201510-01

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20160114-0001/

Source: CONFIRM
Type: UNKNOWN
https://support.apple.com/kb/HT205032

Source: EXPLOIT-DB
Type: UNKNOWN
37721

Source: EXPLOIT-DB
Type: UNKNOWN
37723

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:isc:bind:9.9.7:p1:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:9.10.2:p2:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:isc:bind:9.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:isc:bind:9.10.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_protector_for_mail_security:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:smartcloud_provisioning:2.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.10.5:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20155477 | V | CVE-2015-5477 | 2018-08-15
oval:org.cisecurity:def:87 | P | DSA-3319-1 -- bind9 -- security update | 2016-02-08
oval:org.cisecurity:def:10 | V | HP-UX Running BIND, Remote Denial of Service (DoS) | 2016-02-08
oval:com.redhat.rhsa:def:20160078 | P | RHSA-2016:0078: bind security update (Important) | 2016-01-28
oval:com.ubuntu.precise:def:20155477000 | V | CVE-2015-5477 on Ubuntu 12.04 LTS (precise) - medium. | 2015-07-29
oval:com.ubuntu.trusty:def:20155477000 | V | CVE-2015-5477 on Ubuntu 14.04 LTS (trusty) - medium. | 2015-07-29
oval:com.redhat.rhsa:def:20151513 | P | RHSA-2015:1513: bind security update (Important) | 2015-07-28
oval:com.redhat.rhsa:def:20151514 | P | RHSA-2015:1514: bind security update (Important) | 2015-07-28
oval:com.redhat.rhsa:def:20151515 | P | RHSA-2015:1515: bind97 security update (Important) | 2015-07-28
    isc bind 9.9.7 p1
    isc bind 9.10.2 p2
    isc bind 9.9.0
    isc bind 9.10.0
    ibm lotus protector for mail security 2.8
    ibm smartcloud provisioning 2.1.0
    ibm smartcloud provisioning 2.1.0.1
    ibm lotus protector for mail security 2.8.1
    apple mac os x 10.10.5