Lucene search

K
cisaCISACISA:F3AC94C11AFBF638C4776B43B99CA3A4
HistoryDec 02, 2010 - 12:00 a.m.

Internet Systems Consortium BIND Vulnerabilities

2010-12-0200:00:00
us-cert.cisa.gov
9

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

The Internet Systems Consortium (ISC) has released three advisories to address multiple vulnerabilities affecting BIND.

The first advisory, CVE-2010-3613, addresses a vulnerability in BIND versions 9.6.2 to 9.6.2-P2, 9.6-ESV to 9.6-ESV-R2, and 9.70 to 9.7.2-P2. This vulnerability exists when cache incorrectly allows an ncache entry and a rrsig for the same type. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#706148.

The second advisory, CVE-2010-3614, addresses a vulnerability in BIND versions 9.0.x to 9.7.2-P2, 9.4-ESV to 9.4-ESV-R3, and 9.6-ESV to 9.6-ESV-R2. This vulnerability exists when “named” incorrectly marks zone data as insecure when the zone being queried is undergoing a key algorithm rollover. Exploitation of this vulnerability may allow answers to be incorrectly marked as insecure. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#837744.

The third advisory, CVE-2010-3615, addresses a vulnerability in BIND version 9.7.2-P2. This vulnerability is due to the incorrect processing of “allow-query”. Exploitation of this vulnerability may allow a remote attacker to bypass access restrictions. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#510208.

US-CERT encourages users and administrators to review the advisories listed above and apply any necessary updates to help mitigate the risks. Because BIND is often packaged in larger third-party applications or operating system distributions, users and administrators should check with their software vendors for updated versions.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

Related for CISA:F3AC94C11AFBF638C4776B43B99CA3A4