Vulnerability Details : CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-8000
- cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.1:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.1:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.6:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.5:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.4:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.8.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.6:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.7:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.7:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.8:rc1:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
Threat overview for CVE-2015-8000
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2015-8000: 198,645
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-8000
EPSS score: 95.54% (probability of exploitation activity in the next 30 days)
Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-8000
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2015-8000
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8000
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
  [security-announce] SUSE-SU-2016:0227-1: important: Security update for
- http://rhn.redhat.com/errata/RHSA-2015-2658.html
  RHSA-2015:2658 - Security Advisory - Red Hat Customer Portal
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html
  [SECURITY] Fedora 22 Update: dnsperf-2.0.0.0-19.fc22
- https://kb.isc.org/article/AA-01380
  (Vendor Advisory)
- http://www.securitytracker.com/id/1034418
  BIND Class Attribute Parsing Error Lets Remote Users Cause the Target named Service to Crash - SecurityTracker
- http://marc.info/?l=bugtraq&m=145680832702035&w=2
  '[security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Servic' - MARC (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00034.html
  [security-announce] SUSE-SU-2015:2359-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00042.html
  [security-announce] openSUSE-SU-2015:2391-1: important: Security update
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
  Oracle Solaris Third Party Bulletin - October 2015 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-0078.html
  RHSA-2016:0078 - Security Advisory - Red Hat Customer Portal
- https://kb.isc.org/article/AA-01438
- http://rhn.redhat.com/errata/RHSA-2016-0079.html
  RHSA-2016:0079 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2015/dsa-3420
  Debian -- Security Information -- DSA-3420-1 bind9
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00035.html
  [security-announce] openSUSE-SU-2015:2364-1: important: Security update
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966
  The Slackware Linux Project: Slackware Security Advisories
- http://www.securityfocus.com/bid/79349
  ISC BIND CVE-2015-8000 Remote Denial of Service Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00036.html
  [security-announce] openSUSE-SU-2015:2365-1: important: Security update
- http://rhn.redhat.com/errata/RHSA-2015-2655.html
  RHSA-2015:2655 - Security Advisory - Red Hat Customer Portal
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  Oracle Linux Bulletin - October 2015 (Third Party Advisory)
- https://kb.isc.org/article/AA-01317
  CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c - Affecting Only Obsolete Branches (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html
  [SECURITY] Fedora 22 Update: bind99-9.9.8-1.P2.fc22
- http://rhn.redhat.com/errata/RHSA-2015-2656.html
  RHSA-2015:2656 - Security Advisory - Red Hat Customer Portal
- https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
  UTM Up2Date 9.354 released – Sophos News (Patch)
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html
  [security-announce] SUSE-SU-2015:2341-1: important: Security update for
- http://www.ubuntu.com/usn/USN-2837-1
  USN-2837-1: Bind vulnerability | Ubuntu security notices
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
  HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016 (Third Party Advisory)
- http://packetstormsecurity.com/files/134882/FreeBSD-Security-Advisory-BIND-Denial-Of-Service.html
  FreeBSD Security Advisory - BIND Denial Of Service ≈ Packet Storm
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
  UTM Up2Date 9.319 released – Sophos News (Patch)
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html
  [security-announce] SUSE-SU-2015:2340-1: important: Security update for
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html
  [SECURITY] Fedora 23 Update: bind-dyndb-ldap-8.0-4.fc23
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html
  [SECURITY] Fedora 23 Update: bind99-9.9.8-1.P2.fc23