Security Bulletin: Vulnerabilities in bind affect Power Hardware Management Console (CVE-2016-1285, CVE-2016-1286)

2021-09-2301:31:39

www.ibm.com

power hmc

bind

denial of service

v7.9.0.0

v8.1.0.0

v8.2.0.0

v8.3.0.0

v8.4.0.0

remote attackers

efix

ibm fix central

EPSS

0.733

Percentile

98.1%

JSON

Summary

bind is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs

Vulnerability Details

CVEID: CVE-2016-1285**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause the named process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111389 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-1286**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by an error when parsing signature records for DNAME resource records. A remote attacker could exploit this vulnerability to trigger an assertion failure in resolver.c or db.c and cause the named process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111390 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)