CVE-2016-2776
CVE-2016-2776
Vexday Risk Score
84Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (27 stars) — exploitation code widely available.
CVSS —EPSS 89.5%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
27 Sep 2016Metasploit module available
28 Sep 2016Published on NVD
28 Sep 2016Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/infobyte/CVE-2016-2776★ 27githubgithub.com/KosukeShimofuji/CVE-2016-2776★ 0cve_referencewww.exploit-db.com/exploits/40453/unverifiedexploitdbwww.exploit-db.com/exploits/40453unverifiedvulncheckvulncheck.com/xdb/63841840badbunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://rhn.redhat.com/errata/RHSA-2016-1944.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1945.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2099.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107https://kb.isc.org/article/AA-01419/0https://kb.isc.org/article/AA-01435https://kb.isc.org/article/AA-01436https://kb.isc.org/article/AA-01438https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.aschttps://security.gentoo.org/glsa/201610-07https://security.netapp.com/advisory/ntap-20160930-0001/https://www.exploit-db.com/exploits/40453/