Lucene search

K

[email protected]CVE-2014-0591

HistoryJan 14, 2014 - 4:29 a.m.

CVE-2014-0591

2014-01-1404:29:00

CWE-119

[email protected]

web.nvd.nist.gov

291

isc bind

cve-2014-0591

denial of service

dns

nsec3

named

query.c

isc bind 9.6

isc bind 9.7

isc bind 9.8

isc bind 9.9

6.4 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.637 Medium

EPSS

Percentile

97.8%

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.

CPENameOperatorVersion
isc:bindisc bindeq9.9.4
isc:bindisc bindeq9.8.6
isc:bindisc bindeq9.6.1
isc:bindisc bindeq9.8.4
isc:bindisc bindeq9.8.1
isc:bindisc bindeq9.8.3
isc:bindisc bindeq9.7.5
isc:bindisc bindeq9.7.0
isc:bindisc bindeq9.8.5
isc:bindisc bindeq9.7.2

Rows per page:

1-10 of 211

References

archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

linux.oracle.com/errata/ELSA-2014-1244

lists.fedoraproject.org/pipermail/package-announce/2014-January/126761.html

lists.fedoraproject.org/pipermail/package-announce/2014-January/126772.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html

lists.opensuse.org/opensuse-updates/2014-02/msg00016.html

lists.opensuse.org/opensuse-updates/2014-02/msg00019.html

marc.info/?l=bugtraq&m=138995561732658&w=2

osvdb.org/101973

rhn.redhat.com/errata/RHSA-2014-0043.html

secunia.com/advisories/56425

secunia.com/advisories/56427

secunia.com/advisories/56442

secunia.com/advisories/56493

secunia.com/advisories/56522

secunia.com/advisories/56574

secunia.com/advisories/56871

secunia.com/advisories/61117

secunia.com/advisories/61199

secunia.com/advisories/61343

www.debian.org/security/2014/dsa-3023

www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc

www.mandriva.com/security/advisories?name=MDVSA-2014:002

www.securityfocus.com/bid/64801

www.securitytracker.com/id/1029589

www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391

www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.524465

www.ubuntu.com/usn/USN-2081-1

bugzilla.redhat.com/show_bug.cgi?id=1051717

kb.isc.org/article/AA-01078

kb.isc.org/article/AA-01085

support.apple.com/kb/HT6536

6.4 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.637 Medium

EPSS

Percentile

97.8%