6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.023 Low
EPSS
Percentile
89.5%
ISC BIND named contains a vulnerability where under certain situations it could incorrectly mark zone data as insecure.
According to ISC:
named, acting as a DNSSEC validator, was determining if an NS RRset is insecure based on a value that could mean either that the RRset is actually insecure or that there wasn’t a matching key for the RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
This can happen when in the middle of a DNSKEY algorithm rollover, when two different algorithms were used to sign a zone but only the new set of keys are in the zone DNSKEY RRset.
Answers are marked incorrectly as insecure.
**Apply an update
Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors. **
This vulnerability is addressed in ISC BIND versions 9.4-ESV-R4, 9.6.2-P3 or 9.6-ESV-R3, and 9.7.2-P3. Users of BIND from the original source distribution should upgrade to one of these versions, as appropriate.
See also <https://www.isc.org/software/bind/advisories/cve-2010-3614>
837744
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: December 01, 2010
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Internet Systems Consortium for reporting this vulnerability.
This document was written by Michael Orlando.
CVE IDs: | CVE-2010-3614 |
---|---|
Severity Metric: | 7.65 Date Public: |