Security Bulletin
Summary
BIND is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2016-9778
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of specific queries when using the nxdomain-redirect feature. By sending a malformed query, a remote attacker could exploit this vulnerability to trigger a REQUIRE assertion failure in db.c.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120475 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-9131
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses during recursion. By sending a malformed response to a RTYPE ANY query, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120472 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-9444
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DS resource record. By sending a specially-constructed answer, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120474 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-9147
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120473 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-3135
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when using both DNS64 and RPZ to rewrite query responses. A remote attacker could exploit this vulnerability to trigger an INSIST assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121740 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Version | CVE list |
Power HMC V8.8.3.0 | CVE-2016-9147 |
Power HMC V8.8.4.0 | CVE-2016-9147 |
Power HMC V8.8.5.0 | CVE-2016-9147 |
Power HMC V8.8.6.0 | CVE-2016-9147, CVE-2016-9778, CVE-2016-9131, CVE-2016-9444, and CVE-2017-3135 |
Remediation/Fixes
The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/
Product | VRMF | APAR | Remediation/Fix |
Power HMC | V8.8.3.0 SP3 | MB04070 | |
Power HMC | V8.8.4.0 SP2 | MB04071 | |
Power HMC | V8.8.5.0 SP2 | MB04074 | |
Power HMC | V8.8.6.0 SP1 | MB04041 |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
23 March 2017: Initial version
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
22 September 2021
UID
nas8N1021837