NVD Vulnerability Detail

CVE-2016-1285

Summary	named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Publication Date	March 10, 2016, 8:59 a.m.
Registration Date	Jan. 26, 2021, 2:07 p.m.
Last Update	Nov. 21, 2024, 11:46 a.m.

CVSS3.1 : MEDIUM
スコア	6.8
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更あり
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:isc:bind:9.10.3:p1::::::
cpe:2.3:a:isc:bind:9.10.3:p3::::::
cpe:2.3:a:isc:bind:9.10.3:rc1::::::
cpe:2.3:a:isc:bind:9.9.8:p3::::::
cpe:2.3:a:isc:bind:9.10.3:p2::::::
cpe:2.3:a:isc:bind:9.9.8:p2::::::
cpe:2.3:a:isc:bind:9.9.8:rc1::::::
cpe:2.3:a:isc:bind::::::::	9.0.0			9.9.8
cpe:2.3:a:isc:bind::::::::	9.10.0			9.10.3
cpe:2.3:a:isc:bind:9.10.3:beta1::::::
cpe:2.3:a:isc:bind:9.10.3:-::::::
cpe:2.3:a:isc:bind:9.9.8:-::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::
cpe:2.3:a:suse:openstack_cloud:5:::::::*
cpe:2.3:a:suse:manager_proxy:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::ltss:::*
cpe:2.3:a:suse:manager:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
cpe:2.3:o:opensuse:opensuse:11.4:::::::*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
cpe:2.3:o:opensuse:leap:42.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:22:::::::*
cpe:2.3:o:fedoraproject:fedora:24:::::::*
cpe:2.3:o:fedoraproject:fedora:23:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:juniper:junos:12.1x46:d60::::::
cpe:2.3:o:juniper:junos:12.1x46:d30::::::
cpe:2.3:o:juniper:junos:12.1x46:d45::::::
cpe:2.3:o:juniper:junos:12.1x46:d50::::::
cpe:2.3:o:juniper:junos:12.1x46:d65::::::
cpe:2.3:o:juniper:junos:12.1x46:d35::::::
cpe:2.3:o:juniper:junos:12.1x46:d25::::::
cpe:2.3:o:juniper:junos:12.1x46:d20::::::
cpe:2.3:o:juniper:junos:12.1x46:d40::::::
cpe:2.3:o:juniper:junos:12.1x46:d15::::::
cpe:2.3:o:juniper:junos:12.1x46:d10::::::
cpe:2.3:o:juniper:junos:12.1x46:d55::::::
cpe:2.3:o:juniper:junos:12.1x46:d66::::::
cpe:2.3:o:juniper:junos:12.1x46:d70::::::
cpe:2.3:o:juniper:junos:12.1x46:d76::::::
cpe:2.3:o:juniper:junos:12.1x46:d67::::::
cpe:2.3:o:juniper:junos:12.1x46:d71::::::
cpe:2.3:o:juniper:junos:12.1x46:d72::::::
cpe:2.3:o:juniper:junos:12.1x46:d77::::::
cpe:2.3:o:juniper:junos:12.1x46:-::::::
cpe:2.3:o:juniper:junos:12.1x46:d73::::::
cpe:2.3:o:juniper:junos:12.1x46-d10:::::::*
cpe:2.3:o:juniper:junos:12.1x46-d76:-::::::
cpe:2.3:o:juniper:junos:12.3x48:-::::::
cpe:2.3:o:juniper:junos:12.3x48:d40::::::
cpe:2.3:o:juniper:junos:12.3x48:d51::::::
cpe:2.3:o:juniper:junos:12.3x48:d66::::::
cpe:2.3:o:juniper:junos:12.3x48:d75::::::
cpe:2.3:o:juniper:junos:12.3x48:d70::::::
cpe:2.3:o:juniper:junos:12.3x48:d60::::::
cpe:2.3:o:juniper:junos:12.3x48:d65::::::
cpe:2.3:o:juniper:junos:12.3x48:d20::::::
cpe:2.3:o:juniper:junos:12.3x48:d25::::::
cpe:2.3:o:juniper:junos:12.3x48:d45::::::
cpe:2.3:o:juniper:junos:12.3x48:d55::::::
cpe:2.3:o:juniper:junos:12.3x48:d35::::::
cpe:2.3:o:juniper:junos:12.3x48:d50::::::
cpe:2.3:o:juniper:junos:12.3x48:d10::::::
cpe:2.3:o:juniper:junos:12.3x48:d30::::::
cpe:2.3:o:juniper:junos:12.3x48:d15::::::
cpe:2.3:o:juniper:junos:15.1x49:d50::::::
cpe:2.3:o:juniper:junos:15.1x49:d30::::::
cpe:2.3:o:juniper:junos:15.1x49:d70::::::
cpe:2.3:o:juniper:junos:15.1x49:d80::::::
cpe:2.3:o:juniper:junos:15.1x49:d35::::::
cpe:2.3:o:juniper:junos:15.1x49:d45::::::
cpe:2.3:o:juniper:junos:15.1x49:d75::::::
cpe:2.3:o:juniper:junos:15.1x49:d65::::::
cpe:2.3:o:juniper:junos:15.1x49:d90::::::
cpe:2.3:o:juniper:junos:15.1x49:d110::::::
cpe:2.3:o:juniper:junos:15.1x49:d60::::::
cpe:2.3:o:juniper:junos:15.1x49:d40::::::
cpe:2.3:o:juniper:junos:15.1x49:d20::::::
cpe:2.3:o:juniper:junos:15.1x49:d100::::::
cpe:2.3:o:juniper:junos:15.1x49:d55::::::
cpe:2.3:o:juniper:junos:15.1x49:d15::::::
cpe:2.3:o:juniper:junos:15.1x49:d10::::::
cpe:2.3:o:juniper:junos:15.1x49:d120::::::
cpe:2.3:o:juniper:junos:15.1x49:d130::::::
cpe:2.3:o:juniper:junos:15.1x49:d140::::::
cpe:2.3:o:juniper:junos:15.1x49:d160::::::
cpe:2.3:o:juniper:junos:15.1x49:d25::::::
cpe:2.3:o:juniper:junos:15.1x49:d131::::::
cpe:2.3:o:juniper:junos:15.1x49:d150::::::
cpe:2.3:o:juniper:junos:15.1x49:d180::::::
cpe:2.3:o:juniper:junos:15.1x49:d170::::::
cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
cpe:2.3:o:juniper:junos:17.3:r3-s5::::::
cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
cpe:2.3:o:juniper:junos:17.3:-::::::
cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
cpe:2.3:o:juniper:junos:17.3:r2-s5::::::
cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3-s6::::::
cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
cpe:2.3:o:juniper:junos:17.3:r1-s4::::::
cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
cpe:2.3:o:juniper:junos:17.3:r3::::::
cpe:2.3:o:juniper:junos:17.3:r2::::::
cpe:2.3:o:juniper:junos:17.3:r1::::::
cpe:2.3:o:juniper:junos:17.4:r1::::::
cpe:2.3:o:juniper:junos:17.4:r2::::::
cpe:2.3:o:juniper:junos:17.4:r1-s3::::::
cpe:2.3:o:juniper:junos:17.4:r2-s2::::::
cpe:2.3:o:juniper:junos:17.4:r1-s2::::::
cpe:2.3:o:juniper:junos:17.4:r1-s1::::::
cpe:2.3:o:juniper:junos:17.4:r2-s5::::::
cpe:2.3:o:juniper:junos:17.4:r2-s6::::::
cpe:2.3:o:juniper:junos:17.4:r2-s7::::::
cpe:2.3:o:juniper:junos:17.4:r2-s8::::::
cpe:2.3:o:juniper:junos:17.4:r2-s11::::::
cpe:2.3:o:juniper:junos:17.4:r2-s9::::::
cpe:2.3:o:juniper:junos:17.4:r2-s10::::::
cpe:2.3:o:juniper:junos:17.4:r2-s12::::::
cpe:2.3:o:juniper:junos:17.4:r2-s13::::::
cpe:2.3:o:juniper:junos:17.4:r2-s1::::::
cpe:2.3:o:juniper:junos:17.4:-::::::
cpe:2.3:o:juniper:junos:17.4:r1-s5::::::
cpe:2.3:o:juniper:junos:17.4:r1-s7::::::
cpe:2.3:o:juniper:junos:17.4:r1-s4::::::
cpe:2.3:o:juniper:junos:17.4:r2-s3::::::
cpe:2.3:o:juniper:junos:17.4:r2-s4::::::
cpe:2.3:o:juniper:junos:17.4:r1-s6::::::
cpe:2.3:o:juniper:junos:18.1:r3-s5::::::
cpe:2.3:o:juniper:junos:18.1:r3-s1::::::
cpe:2.3:o:juniper:junos:18.1:r3-s4::::::
cpe:2.3:o:juniper:junos:18.1:r3-s3::::::
cpe:2.3:o:juniper:junos:18.1:r3-s2::::::
cpe:2.3:o:juniper:junos:18.1:-::::::
cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
cpe:2.3:o:juniper:junos:18.1:r2-s4::::::
cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
cpe:2.3:o:juniper:junos:18.1:r3-s13::::::
cpe:2.3:o:juniper:junos:18.1:r3-s8::::::
cpe:2.3:o:juniper:junos:18.1:r3-s6::::::
cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
cpe:2.3:o:juniper:junos:18.1:r2::::::
cpe:2.3:o:juniper:junos:18.1:r1::::::
cpe:2.3:o:juniper:junos:18.1:r3::::::
cpe:2.3:o:juniper:junos:18.2:r1::::::
cpe:2.3:o:juniper:junos:18.2:-::::::
cpe:2.3:o:juniper:junos:18.2:r2-s1::::::
cpe:2.3:o:juniper:junos:18.2:r2-s2::::::
cpe:2.3:o:juniper:junos:18.2:r1-s3::::::
cpe:2.3:o:juniper:junos:18.2:r2-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2-s6::::::
cpe:2.3:o:juniper:junos:18.2:r2-s7::::::
cpe:2.3:o:juniper:junos:18.2:r1-s2::::::
cpe:2.3:o:juniper:junos:18.2:r2-s8::::::
cpe:2.3:o:juniper:junos:18.2:r2-s3::::::
cpe:2.3:o:juniper:junos:18.2:r2-s4::::::
cpe:2.3:o:juniper:junos:18.2:r1-s4::::::
cpe:2.3:o:juniper:junos:18.2:r1-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2::::::
cpe:2.3:o:juniper:junos:18.3:r1-s4::::::
cpe:2.3:o:juniper:junos:18.3:r1-s3::::::
cpe:2.3:o:juniper:junos:18.3:r1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s2::::::
cpe:2.3:o:juniper:junos:18.3:-::::::
cpe:2.3:o:juniper:junos:18.3:r1-s5::::::
cpe:2.3:o:juniper:junos:18.3:r1-s6::::::
cpe:2.3:o:juniper:junos:18.3:r1-s1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s5::::::
cpe:2.3:o:juniper:junos:18.4:r1-s3::::::
cpe:2.3:o:juniper:junos:18.4:r1-s4::::::
cpe:2.3:o:juniper:junos:18.4:r1-s2::::::
cpe:2.3:o:juniper:junos:18.4:-::::::
cpe:2.3:o:juniper:junos:18.4:r1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s1::::::
execution environment
1	cpe:2.3:a:juniper:vsrx:-:::::::*
2	cpe:2.3:h:juniper:srx100:-:::::::*
3	cpe:2.3:h:juniper:srx110:-:::::::*
4	cpe:2.3:h:juniper:srx1400:-:::::::*
5	cpe:2.3:h:juniper:srx1500:-:::::::*
6	cpe:2.3:h:juniper:srx1600:-:::::::*
7	cpe:2.3:h:juniper:srx210:-:::::::*
8	cpe:2.3:h:juniper:srx220:-:::::::*
9	cpe:2.3:h:juniper:srx2300:-:::::::*
10	cpe:2.3:h:juniper:srx240:-:::::::*
11	cpe:2.3:h:juniper:srx240h2:-:::::::*
12	cpe:2.3:h:juniper:srx240m:-:::::::*
13	cpe:2.3:h:juniper:srx300:-:::::::*
14	cpe:2.3:h:juniper:srx320:-:::::::*
15	cpe:2.3:h:juniper:srx340:-:::::::*
16	cpe:2.3:h:juniper:srx3400:-:::::::*
17	cpe:2.3:h:juniper:srx345:-:::::::*
18	cpe:2.3:h:juniper:srx3600:-:::::::*
19	cpe:2.3:h:juniper:srx380:-:::::::*
20	cpe:2.3:h:juniper:srx4000:-:::::::*
21	cpe:2.3:h:juniper:srx4100:-:::::::*
22	cpe:2.3:h:juniper:srx4200:-:::::::*
23	cpe:2.3:h:juniper:srx4300:-:::::::*
24	cpe:2.3:h:juniper:srx4600:-:::::::*
25	cpe:2.3:h:juniper:srx4700:-:::::::*
26	cpe:2.3:h:juniper:srx5000:-:::::::*
27	cpe:2.3:h:juniper:srx5400:-:::::::*
28	cpe:2.3:h:juniper:srx550:-:::::::*
29	cpe:2.3:h:juniper:srx550_hm:-:::::::*
30	cpe:2.3:h:juniper:srx550m:-:::::::*
31	cpe:2.3:h:juniper:srx5600:-:::::::*
32	cpe:2.3:h:juniper:srx5800:-:::::::*
33	cpe:2.3:h:juniper:srx650:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html	Mailing List
2	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html	Mailing List
3	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html	Mailing List
4	http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html	Mailing List
5	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html	Mailing List
6	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html	Mailing List
7	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html	Mailing List
8	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html	Mailing List
9	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html	Mailing List
10	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html	Mailing List
11	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html	Mailing List
12	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html	Mailing List
13	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html	Mailing List
14	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html	Mailing List
15	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html	Mailing List
16	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html	Mailing List
17	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html	Mailing List
18	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html	Mailing List
19	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html	Mailing List
20	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html	Mailing List
21	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html	Mailing List
22	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html	Mailing List
23	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html	Mailing List
24	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html	Mailing List
25	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html	Mailing List
26	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html	Mailing List
27	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html	Mailing List Third Party Advisory
28	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html	Mailing List Third Party Advisory
29	http://marc.info/?l=bugtraq&m=146191105921542&w=2	Issue Tracking Third Party Advisory
30	http://marc.info/?l=bugtraq&m=146191105921542&w=2	Issue Tracking Third Party Advisory
31	http://marc.info/?l=bugtraq&m=146191105921542&w=2	Issue Tracking Third Party Advisory
32	http://marc.info/?l=bugtraq&m=146191105921542&w=2	Issue Tracking Third Party Advisory
33	http://rhn.redhat.com/errata/RHSA-2016-0562.html	Third Party Advisory
34	http://rhn.redhat.com/errata/RHSA-2016-0562.html	Third Party Advisory
35	http://rhn.redhat.com/errata/RHSA-2016-0601.html	Third Party Advisory
36	http://rhn.redhat.com/errata/RHSA-2016-0601.html	Third Party Advisory
37	http://www.debian.org/security/2016/dsa-3511	Third Party Advisory
38	http://www.debian.org/security/2016/dsa-3511	Third Party Advisory
39	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Third Party Advisory
40	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Third Party Advisory
41	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
42	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
43	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Third Party Advisory
44	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Third Party Advisory
45	http://www.securitytracker.com/id/1035236	Broken Link Third Party Advisory VDB Entry
46	http://www.securitytracker.com/id/1035236	Broken Link Third Party Advisory VDB Entry
47	http://www.ubuntu.com/usn/USN-2925-1	Third Party Advisory
48	http://www.ubuntu.com/usn/USN-2925-1	Third Party Advisory
49	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821	Third Party Advisory
50	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821	Third Party Advisory
51	https://kb.isc.org/article/AA-01352	Vendor Advisory
52	https://kb.isc.org/article/AA-01352	Vendor Advisory
53	https://kb.isc.org/article/AA-01380	Broken Link Release Notes
54	https://kb.isc.org/article/AA-01380	Broken Link Release Notes
55	https://kb.isc.org/article/AA-01438	Broken Link
56	https://kb.isc.org/article/AA-01438	Broken Link
57	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc	Third Party Advisory
58	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc	Third Party Advisory
59	https://security.gentoo.org/glsa/201610-07	Third Party Advisory
60	https://security.gentoo.org/glsa/201610-07	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

ISC BIND の named におけるサービス運用妨害 (DoS) の脆弱性

Title	ISC BIND の named におけるサービス運用妨害 (DoS) の脆弱性
Summary	ISC BIND の named は、alist.c および sexpr.c に関する不備があり、フェッチ応答メッセージを解析する際、DNAME レコードを適切に処理しないため、サービス運用妨害 (表明違反およびデーモンの停止) 状態にされる脆弱性が存在します。
Possible impacts	第三者により、rndc (別名制御チャネル) インターフェースの不正な形式のパケットを介して、サービス運用妨害 (表明違反およびデーモンの停止) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 9, 2016, midnight
Registration Date	March 30, 2016, 12:26 p.m.
Last Update	Nov. 14, 2016, 5:56 p.m.

Affected System

ISC, Inc.

BIND 9.10.3-P4 未満の 9.10.x

BIND 9.9.8-P4 未満の 9.x

日本電気

Express5800 /SG シリーズ InterSecVM/SG v1.2、v3.0、v3.1、v4.0

Express5800 /SG シリーズ SG3600LM/LG/LJ v6.1、v6.2、v7.0、v7.1、v8.0、v8.2

Express5800 /SG シリーズ UNIVERGE SG3000LG/LJ

SUSE

SUSE Manager 2.1

SUSE Manager Proxy 2.1

SUSE OpenStack Cloud 5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-1285	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
Knowledge Base
2	CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c	https://kb.isc.org/article/AA-01352
National Vulnerability Database (NVD)
3	CVE-2016-1285	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	AXSA:2016-142:02	https://tsn.miraclelinux.com/ja/node/6528
2	AXSA:2016-143:02	https://tsn.miraclelinux.com/ja/node/6529
HPE Security Bulletin
3	HPSBUX03583	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821
Knowledge Base
4	BIND 9.10.4 Release Notes	https://kb.isc.org/article/AA-01380
NEC製品セキュリティ情報
5	NV16-017	http://jpn.nec.com/security-info/secinfo/nv16-017.html
opensuse-security-announce
6	SUSE-SU-2016:1541	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html
Oracle Technology Network
7	Oracle Linux Bulletin - January 2016	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
8	Oracle Solaris Third Party Bulletin - January 2016	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
9	Oracle VM Server for x86 Bulletin - July 2016	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Turbolinux Security Advisory
10	TLSA-2016-9	http://www.turbolinux.co.jp/security/2016/TLSA-2016-9j.html

その他

No	Name	URL
JPRS
1	（緊急）BIND 9.xの脆弱性（DNSサービスの停止）について（CVE-2016-1285）	https://jprs.jp/tech/security/2016-03-10-bind9-vuln-controlchannel.html
JVN
2	JVNVU#95402108	http://jvn.jp/vu/JVNVU95402108/

Change Log

No	Changed Details	Date of change
0	[2016年03月30日] 掲載 [2016年03月31日] ベンダ情報：ミラクル・リナックス (AXSA:2016-142:02) を追加ベンダ情報：ミラクル・リナックス (AXSA:2016-143:02) を追加 [2016年04月06日] CVSS による深刻度：内容を更新 CWE による脆弱性タイプ一覧：CWE-ID を追加 [2016年06月27日] ベンダ情報：ISC, Inc. (BIND 9.10.4 Release Notes) を追加 [2016年07月01日] 概要：内容を更新影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：openSUSE project (SUSE-SU-2016:1541) を追加 [2016年08月25日] ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBUX03583) を追加ベンダ情報：日本電気 (NV16-017) を追加影響を受けるシステム：ベンダ情報の追加に伴い内容を更新 [2016年11月14日] ベンダ情報：オラクル (Oracle Solaris Third Party Bulletin - January 2016) を追加ベンダ情報：オラクル (Oracle Linux Bulletin - January 2016) を追加ベンダ情報：オラクル (Oracle VM Server for x86 Bulletin - July 2016) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:isc:bind:9.10.3:p1::::::
cpe:2.3:a:isc:bind:9.10.3:p3::::::
cpe:2.3:a:isc:bind:9.10.3:rc1::::::
cpe:2.3:a:isc:bind:9.9.8:p3::::::
cpe:2.3:a:isc:bind:9.10.3:p2::::::
cpe:2.3:a:isc:bind:9.9.8:p2::::::
cpe:2.3:a:isc:bind:9.9.8:rc1::::::
cpe:2.3:a:isc:bind::::::::	9.0.0			9.9.8
cpe:2.3:a:isc:bind::::::::	9.10.0			9.10.3
cpe:2.3:a:isc:bind:9.10.3:beta1::::::
cpe:2.3:a:isc:bind:9.10.3:-::::::
cpe:2.3:a:isc:bind:9.9.8:-::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3::::::
cpe:2.3:a:suse:openstack_cloud:5:::::::*
cpe:2.3:a:suse:manager_proxy:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:::ltss:::*
cpe:2.3:a:suse:manager:2.1:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
cpe:2.3:o:opensuse:opensuse:11.4:::::::*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
cpe:2.3:o:opensuse:leap:42.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:12:-::::::
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-::::::
cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::

Configuration6		or higher	or less	more than	less than
cpe:2.3:o:juniper:junos:12.1x46:d60::::::
cpe:2.3:o:juniper:junos:12.1x46:d30::::::
cpe:2.3:o:juniper:junos:12.1x46:d45::::::
cpe:2.3:o:juniper:junos:12.1x46:d50::::::
cpe:2.3:o:juniper:junos:12.1x46:d65::::::
cpe:2.3:o:juniper:junos:12.1x46:d35::::::
cpe:2.3:o:juniper:junos:12.1x46:d25::::::
cpe:2.3:o:juniper:junos:12.1x46:d20::::::
cpe:2.3:o:juniper:junos:12.1x46:d40::::::
cpe:2.3:o:juniper:junos:12.1x46:d15::::::
cpe:2.3:o:juniper:junos:12.1x46:d10::::::
cpe:2.3:o:juniper:junos:12.1x46:d55::::::
cpe:2.3:o:juniper:junos:12.1x46:d66::::::
cpe:2.3:o:juniper:junos:12.1x46:d70::::::
cpe:2.3:o:juniper:junos:12.1x46:d76::::::
cpe:2.3:o:juniper:junos:12.1x46:d67::::::
cpe:2.3:o:juniper:junos:12.1x46:d71::::::
cpe:2.3:o:juniper:junos:12.1x46:d72::::::
cpe:2.3:o:juniper:junos:12.1x46:d77::::::
cpe:2.3:o:juniper:junos:12.1x46:-::::::
cpe:2.3:o:juniper:junos:12.1x46:d73::::::
cpe:2.3:o:juniper:junos:12.1x46-d10:::::::*
cpe:2.3:o:juniper:junos:12.1x46-d76:-::::::
cpe:2.3:o:juniper:junos:12.3x48:-::::::
cpe:2.3:o:juniper:junos:12.3x48:d40::::::
cpe:2.3:o:juniper:junos:12.3x48:d51::::::
cpe:2.3:o:juniper:junos:12.3x48:d66::::::
cpe:2.3:o:juniper:junos:12.3x48:d75::::::
cpe:2.3:o:juniper:junos:12.3x48:d70::::::
cpe:2.3:o:juniper:junos:12.3x48:d60::::::
cpe:2.3:o:juniper:junos:12.3x48:d65::::::
cpe:2.3:o:juniper:junos:12.3x48:d20::::::
cpe:2.3:o:juniper:junos:12.3x48:d25::::::
cpe:2.3:o:juniper:junos:12.3x48:d45::::::
cpe:2.3:o:juniper:junos:12.3x48:d55::::::
cpe:2.3:o:juniper:junos:12.3x48:d35::::::
cpe:2.3:o:juniper:junos:12.3x48:d50::::::
cpe:2.3:o:juniper:junos:12.3x48:d10::::::
cpe:2.3:o:juniper:junos:12.3x48:d30::::::
cpe:2.3:o:juniper:junos:12.3x48:d15::::::
cpe:2.3:o:juniper:junos:15.1x49:d50::::::
cpe:2.3:o:juniper:junos:15.1x49:d30::::::
cpe:2.3:o:juniper:junos:15.1x49:d70::::::
cpe:2.3:o:juniper:junos:15.1x49:d80::::::
cpe:2.3:o:juniper:junos:15.1x49:d35::::::
cpe:2.3:o:juniper:junos:15.1x49:d45::::::
cpe:2.3:o:juniper:junos:15.1x49:d75::::::
cpe:2.3:o:juniper:junos:15.1x49:d65::::::
cpe:2.3:o:juniper:junos:15.1x49:d90::::::
cpe:2.3:o:juniper:junos:15.1x49:d110::::::
cpe:2.3:o:juniper:junos:15.1x49:d60::::::
cpe:2.3:o:juniper:junos:15.1x49:d40::::::
cpe:2.3:o:juniper:junos:15.1x49:d20::::::
cpe:2.3:o:juniper:junos:15.1x49:d100::::::
cpe:2.3:o:juniper:junos:15.1x49:d55::::::
cpe:2.3:o:juniper:junos:15.1x49:d15::::::
cpe:2.3:o:juniper:junos:15.1x49:d10::::::
cpe:2.3:o:juniper:junos:15.1x49:d120::::::
cpe:2.3:o:juniper:junos:15.1x49:d130::::::
cpe:2.3:o:juniper:junos:15.1x49:d140::::::
cpe:2.3:o:juniper:junos:15.1x49:d160::::::
cpe:2.3:o:juniper:junos:15.1x49:d25::::::
cpe:2.3:o:juniper:junos:15.1x49:d131::::::
cpe:2.3:o:juniper:junos:15.1x49:d150::::::
cpe:2.3:o:juniper:junos:15.1x49:d180::::::
cpe:2.3:o:juniper:junos:15.1x49:d170::::::
cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
cpe:2.3:o:juniper:junos:17.3:r3-s5::::::
cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
cpe:2.3:o:juniper:junos:17.3:-::::::
cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
cpe:2.3:o:juniper:junos:17.3:r2-s5::::::
cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3-s6::::::
cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
cpe:2.3:o:juniper:junos:17.3:r1-s4::::::
cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
cpe:2.3:o:juniper:junos:17.3:r3::::::
cpe:2.3:o:juniper:junos:17.3:r2::::::
cpe:2.3:o:juniper:junos:17.3:r1::::::
cpe:2.3:o:juniper:junos:17.4:r1::::::
cpe:2.3:o:juniper:junos:17.4:r2::::::
cpe:2.3:o:juniper:junos:17.4:r1-s3::::::
cpe:2.3:o:juniper:junos:17.4:r2-s2::::::
cpe:2.3:o:juniper:junos:17.4:r1-s2::::::
cpe:2.3:o:juniper:junos:17.4:r1-s1::::::
cpe:2.3:o:juniper:junos:17.4:r2-s5::::::
cpe:2.3:o:juniper:junos:17.4:r2-s6::::::
cpe:2.3:o:juniper:junos:17.4:r2-s7::::::
cpe:2.3:o:juniper:junos:17.4:r2-s8::::::
cpe:2.3:o:juniper:junos:17.4:r2-s11::::::
cpe:2.3:o:juniper:junos:17.4:r2-s9::::::
cpe:2.3:o:juniper:junos:17.4:r2-s10::::::
cpe:2.3:o:juniper:junos:17.4:r2-s12::::::
cpe:2.3:o:juniper:junos:17.4:r2-s13::::::
cpe:2.3:o:juniper:junos:17.4:r2-s1::::::
cpe:2.3:o:juniper:junos:17.4:-::::::
cpe:2.3:o:juniper:junos:17.4:r1-s5::::::
cpe:2.3:o:juniper:junos:17.4:r1-s7::::::
cpe:2.3:o:juniper:junos:17.4:r1-s4::::::
cpe:2.3:o:juniper:junos:17.4:r2-s3::::::
cpe:2.3:o:juniper:junos:17.4:r2-s4::::::
cpe:2.3:o:juniper:junos:17.4:r1-s6::::::
cpe:2.3:o:juniper:junos:18.1:r3-s5::::::
cpe:2.3:o:juniper:junos:18.1:r3-s1::::::
cpe:2.3:o:juniper:junos:18.1:r3-s4::::::
cpe:2.3:o:juniper:junos:18.1:r3-s3::::::
cpe:2.3:o:juniper:junos:18.1:r3-s2::::::
cpe:2.3:o:juniper:junos:18.1:-::::::
cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
cpe:2.3:o:juniper:junos:18.1:r2-s4::::::
cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
cpe:2.3:o:juniper:junos:18.1:r3-s13::::::
cpe:2.3:o:juniper:junos:18.1:r3-s8::::::
cpe:2.3:o:juniper:junos:18.1:r3-s6::::::
cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
cpe:2.3:o:juniper:junos:18.1:r2::::::
cpe:2.3:o:juniper:junos:18.1:r1::::::
cpe:2.3:o:juniper:junos:18.1:r3::::::
cpe:2.3:o:juniper:junos:18.2:r1::::::
cpe:2.3:o:juniper:junos:18.2:-::::::
cpe:2.3:o:juniper:junos:18.2:r2-s1::::::
cpe:2.3:o:juniper:junos:18.2:r2-s2::::::
cpe:2.3:o:juniper:junos:18.2:r1-s3::::::
cpe:2.3:o:juniper:junos:18.2:r2-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2-s6::::::
cpe:2.3:o:juniper:junos:18.2:r2-s7::::::
cpe:2.3:o:juniper:junos:18.2:r1-s2::::::
cpe:2.3:o:juniper:junos:18.2:r2-s8::::::
cpe:2.3:o:juniper:junos:18.2:r2-s3::::::
cpe:2.3:o:juniper:junos:18.2:r2-s4::::::
cpe:2.3:o:juniper:junos:18.2:r1-s4::::::
cpe:2.3:o:juniper:junos:18.2:r1-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2::::::
cpe:2.3:o:juniper:junos:18.3:r1-s4::::::
cpe:2.3:o:juniper:junos:18.3:r1-s3::::::
cpe:2.3:o:juniper:junos:18.3:r1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s2::::::
cpe:2.3:o:juniper:junos:18.3:-::::::
cpe:2.3:o:juniper:junos:18.3:r1-s5::::::
cpe:2.3:o:juniper:junos:18.3:r1-s6::::::
cpe:2.3:o:juniper:junos:18.3:r1-s1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s5::::::
cpe:2.3:o:juniper:junos:18.4:r1-s3::::::
cpe:2.3:o:juniper:junos:18.4:r1-s4::::::
cpe:2.3:o:juniper:junos:18.4:r1-s2::::::
cpe:2.3:o:juniper:junos:18.4:-::::::
cpe:2.3:o:juniper:junos:18.4:r1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s1::::::
execution environment
1	cpe:2.3:a:juniper:vsrx:-:::::::*
2	cpe:2.3:h:juniper:srx100:-:::::::*
3	cpe:2.3:h:juniper:srx110:-:::::::*
4	cpe:2.3:h:juniper:srx1400:-:::::::*
5	cpe:2.3:h:juniper:srx1500:-:::::::*
6	cpe:2.3:h:juniper:srx1600:-:::::::*
7	cpe:2.3:h:juniper:srx210:-:::::::*
8	cpe:2.3:h:juniper:srx220:-:::::::*
9	cpe:2.3:h:juniper:srx2300:-:::::::*
10	cpe:2.3:h:juniper:srx240:-:::::::*
11	cpe:2.3:h:juniper:srx240h2:-:::::::*
12	cpe:2.3:h:juniper:srx240m:-:::::::*
13	cpe:2.3:h:juniper:srx300:-:::::::*
14	cpe:2.3:h:juniper:srx320:-:::::::*
15	cpe:2.3:h:juniper:srx340:-:::::::*
16	cpe:2.3:h:juniper:srx3400:-:::::::*
17	cpe:2.3:h:juniper:srx345:-:::::::*
18	cpe:2.3:h:juniper:srx3600:-:::::::*
19	cpe:2.3:h:juniper:srx380:-:::::::*
20	cpe:2.3:h:juniper:srx4000:-:::::::*
21	cpe:2.3:h:juniper:srx4100:-:::::::*
22	cpe:2.3:h:juniper:srx4200:-:::::::*
23	cpe:2.3:h:juniper:srx4300:-:::::::*
24	cpe:2.3:h:juniper:srx4600:-:::::::*
25	cpe:2.3:h:juniper:srx4700:-:::::::*
26	cpe:2.3:h:juniper:srx5000:-:::::::*
27	cpe:2.3:h:juniper:srx5400:-:::::::*
28	cpe:2.3:h:juniper:srx550:-:::::::*
29	cpe:2.3:h:juniper:srx550_hm:-:::::::*
30	cpe:2.3:h:juniper:srx550m:-:::::::*
31	cpe:2.3:h:juniper:srx5600:-:::::::*
32	cpe:2.3:h:juniper:srx5800:-:::::::*
33	cpe:2.3:h:juniper:srx650:-:::::::*