Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Amazon Linux Local Check: alas-2015-631

Information

Severity

Severity

High

Family

Family

Amazon Linux Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.1

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

4 years ago

Summary

Amazon Linux Local Security Checks

Insight

Insight

An error in the parsing of incoming responses allows some records with an incorrect class to be be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. Intentional exploitation of this condition is possible and could be used as a denial-of-service vector against servers performing recursive queries. (CVE-2015-8000 )CVE-2015-8461 was also issued today for bind, but the Amazon Linux AMI's version of bind is not impacted by that CVE.

Solution

Solution

Run yum update bind to update your system.

Common Vulnerabilities and Exposures (CVE)