Lucene search
Gentoo FoundationGLSA-201209-04HistorySep 24, 2012 - 12:00 a.m.
BIND: Multiple vulnerabilities
2012-09-2400:00:00
Gentoo Foundation
security.gentoo.org
17
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
0.904 High
EPSS
Percentile
98.8%
Background
BIND is the Berkeley Internet Name Domain Server.
Description
Multiple vulnerabilities have been discovered in BIND:
- Domain names are not properly revoked due to an error in the cache update policy (CVE-2012-1033).
- BIND accepts records with zero-length RDATA fields (CVE-2012-1667).
- An assertion failure from the failing-query cache could occur when DNSSEC validation is enabled (CVE-2012-3817).
- A memory leak may occur under high TCP query loads (CVE-2012-3868).
- An assertion error can occur when a query is performed for a record with RDATA greater than 65535 bytes (CVE-2012-4244).
Impact
A remote attacker may be able to cause a Denial of Service condition or keep domain names resolvable after it has been deleted from registration.
Workaround
There is no known workaround at this time.
Resolution
All BIND users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.1_p3"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-dns/bind | < 9.9.1_p3 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 201209-04 (bind)
2012-09-26 00:00:00
Gentoo Security Advisory GLSA 201209-04 (bind)
2012-09-26 00:00:00
Fedora Update for bind FEDORA-2012-11146
2012-08-30 00:00:00
nessus
nessus
GLSA-201209-04 : BIND: Multiple vulnerabilities
2012-09-24 00:00:00
ISC BIND 9 Multiple Denial of Service Vulnerabilities
2012-07-25 00:00:00
Oracle Linux 5 / 6 : bind (ELSA-2012-0716)
2013-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: bind-9.9.1-5.P2.fc17
2012-08-09 23:14:49
[SECURITY] Fedora 17 Update: bind-9.9.1-9.P3.fc17
2012-09-23 03:28:42
[SECURITY] Fedora 16 Update: bind-9.8.3-3.P2.fc16
2012-08-09 22:53:15
threatpost
threatpost
Six Security Flaws Fixed in BIND 9.9.2
2012-12-05 16:15:32
redhat
redhat
(RHSA-2012:0716) Important: bind security update
2012-06-07 00:00:00
(RHSA-2012:0717) Important: bind97 security update
2012-06-07 00:00:00
(RHSA-2012:1122) Important: bind97 security update
2012-07-31 00:00:00
amazon
amazon
Important: bind
2012-06-10 11:47:00
Important: bind
2012-08-03 15:55:00
oraclelinux
oraclelinux
bind security update
2012-06-07 00:00:00
bind97 security update
2012-06-07 00:00:00
bind security and enhancement update
2013-02-28 00:00:00
centos
centos
bind97 security update
2012-06-07 17:22:36
bind, caching security update
2012-06-07 17:23:50
bind97 security update
2012-07-31 09:13:31
slackware
slackware
[slackware-security] bind
2012-06-14 23:45:02
[slackware-security] bind
2012-12-07 03:50:45
ubuntu
ubuntu
Bind vulnerabilities
2012-06-05 00:00:00
Bind vulnerability
2012-07-26 00:00:00
f5
f5
SOL15481 - BIND vulnerability CVE-2012-1033
2014-08-07 00:00:00
K15481 : BIND vulnerability CVE-2012-1033
2014-08-29 00:00:00
SOL15739 - BIND vulnerability CVE-2012-3868
2014-10-23 00:00:00
veracode
veracode
Insecure Caching
2019-01-15 08:51:44
seebug
seebug
ISC BIND安全限制绕过漏洞(CVE-2012-1033)
2012-02-09 00:00:00
ISC BIND 9 DNSSEC验证远程拒绝服务漏洞
2012-07-25 00:00:00
ISC BIND 9 DNS资源记录处理远程拒绝服务漏洞
2012-06-05 00:00:00
cve
cve
CVE-2012-1033
2012-02-08 20:55:00
CVE-2012-3868
2012-07-25 10:42:00
cert
cert
ISC BIND 9 resolver cache vulnerability
2012-02-08 00:00:00
ISC BIND 9 zero length rdata named vulnerability
2012-06-04 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
prion
prion
Race condition
2012-07-25 10:42:00
Code injection
2012-02-08 20:55:00
Design/Logic Flaw
2012-07-25 10:42:00
securityvulns
securityvulns
ISC bind DoS
2012-07-29 00:00:00
[USN-1518-1] Bind vulnerability
2012-07-29 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:05.bind
2012-08-06 00:00:00
FreeBSD-SA-12:03.bind
2012-06-12 00:00:00
debian
debian
[SECURITY] [DSA 2517-1] bind9 security update
2012-07-30 20:10:06
[SECURITY] [DSA 2486-1] bind9 security update
2012-06-05 21:08:48
[SECURITY] [DSA 2547-1] bind9 security update
2012-09-12 20:07:48
freebsd
freebsd
FreeBSD -- named(8) DNSSEC validation Denial of Service
2012-07-24 00:00:00
dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure
2012-07-24 00:00:00
dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory
2012-06-04 00:00:00
suse
suse
Security update for bind (important)
2012-06-27 20:08:24
Security update for bind (important)
2012-07-13 21:08:39
Security update for bind (important)
2012-06-16 03:08:28
vmware
vmware
VMware security updates for vSphere API and ESX Service Console
2012-11-15 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC BIND Zero Length RDATA Denial of Service (CVE-2012-1667)
2012-09-04 00:00:00
ISC BIND Zero Length RDATA Denial of Service - Ver2 (CVE-2012-1667)
2012-02-12 00:00:00
aix
aix
Vulnerability in AIX bind
2012-07-13 13:28:29
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
0.904 High
EPSS
Percentile
98.8%
Related for GLSA-201209-04