Vulnerability Details : CVE-2015-8704
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-8704
- cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.8:p2:*:*:*:*:*:*
Threat overview for CVE-2015-8704
Top countries where our scanners detected CVE-2015-8704
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2015-8704: 8,827
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-8704
- Probability of exploitation activity in the next 30 days: 95.81%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~99%
CVSS scores for CVE-2015-8704
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C | 8.0 | 6.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2015-8704
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8704
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
  [security-announce] SUSE-SU-2016:0227-1: important: Security update for
- https://security.gentoo.org/glsa/201610-07
  BIND: Multiple vulnerabilities (GLSA 201610-07) — Gentoo security
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00024.html
  [security-announce] SUSE-SU-2016:0200-1: important: Security update for
- http://www.debian.org/security/2016/dsa-3449
  Debian -- Security Information -- DSA-3449-1 bind9
- https://kb.isc.org/article/AA-01380
  404 Page not found (Vendor Advisory)
- http://www.securityfocus.com/bid/81329
  ISC BIND CVE-2015-8704 Remote Denial of Service Vulnerability
- http://marc.info/?l=bugtraq&m=145680832702035&w=2
  '[security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Servic' - MARC (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00022.html
  [security-announce] openSUSE-SU-2016:0197-1: important: Security update
- https://kb.isc.org/article/AA-01335
  CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c - Affecting Only Obsolete Branches (Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html
  [SECURITY] Fedora 22 Update: bind-9.10.3-8.P3.fc22
- https://kb.isc.org/article/AA-01438
  404 Page not found
- http://rhn.redhat.com/errata/RHSA-2016-0074.html
  RHSA-2016:0074 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/USN-2874-1
  USN-2874-1: Bind vulnerability | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html
  [security-announce] SUSE-SU-2016:0174-1: important: Security update for
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html
  [SECURITY] Fedora 23 Update: bind-9.10.3-10.P3.fc23
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00023.html
  [security-announce] openSUSE-SU-2016:0199-1: important: Security update
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  Oracle Linux Bulletin - January 2016
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
  Oracle Solaris Bulletin - January 2016
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175973.html
  [SECURITY] Fedora 23 Update: bind99-9.9.8-2.P3.fc23
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178045.html
  [SECURITY] Fedora 22 Update: bind99-9.9.8-2.P3.fc22
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html
  [security-announce] SUSE-SU-2016:0180-1: important: Security update for
- http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
  Oracle Solaris Bulletin - October 2016
- http://www.securitytracker.com/id/1034739
  ISC BIND Overflow in Processing Address Prefix List Data Lets Remote Authenticated Users Cause the Target Service to Crash - SecurityTracker
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:08.bind.asc
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016
- http://rhn.redhat.com/errata/RHSA-2016-0073.html
  RHSA-2016:0073 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00025.html
  [security-announce] openSUSE-SU-2016:0204-1: important: Security update