Vulnerability Details : CVE-2015-1349
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
Vulnerability category: Denial of service
Threat overview for CVE-2015-1349
Top countries where our scanners detected CVE-2015-1349
Top open port discovered on systems with this issue
53
IPs affected by CVE-2015-1349 183,359
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-1349!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-1349
Probability of exploitation activity in the next 30 days: 6.95%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-1349
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.4
|
MEDIUM | AV:N/AC:H/Au:N/C:N/I:N/A:C |
4.9
|
6.9
|
NIST |
CWE ids for CVE-2015-1349
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1349
-
https://bugzilla.redhat.com/show_bug.cgi?id=1193820
1193820 – (CVE-2015-1349) CVE-2015-1349 bind: issue in trust anchor management can cause named to crash
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10116
-
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
Apple - Lists.apple.com
-
http://advisories.mageia.org/MGASA-2015-0082.html
Mageia Advisory: MGASA-2015-0082 - Updated bind packages fix CVE-2015-1349
-
https://kb.isc.org/article/AA-01235
CVE-2015-1349: A Problem with Trust Anchor Management Can Cause named to Crash - Affecting Only Obsolete BranchesVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:054
mandriva.com
-
http://www.ubuntu.com/usn/USN-2503-1
USN-2503-1: Bind vulnerability | Ubuntu security notices
-
https://security.gentoo.org/glsa/201510-01
BIND: Denial of Service (GLSA 201510-01) — Gentoo security
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
[security-announce] openSUSE-SU-2015:1326-1: important: Security update
-
http://marc.info/?l=bugtraq&m=143740940810833&w=2
'[security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS' - MARC
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
[security-announce] SUSE-SU-2015:1205-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2015-0672.html
RHSA-2015:0672 - Security Advisory - Red Hat Customer Portal
-
https://support.apple.com/HT205219
About the security content of OS X Server v5.0.3 - Apple Support
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html
[SECURITY] Fedora 21 Update: bind-9.9.6-8.P1.fc21
-
https://kb.juniper.net/JSA10783
Juniper Networks - 2017-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1.
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:165
mandriva.com
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html
[SECURITY] Fedora 20 Update: bind-9.9.4-18.P2.fc20
-
http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
openSUSE-SU-2015:1250-1: moderate: Security update for bind
Products affected by CVE-2015-1349
- cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.6:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.4:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.6:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.7:b1:*:*:*:*:*:*