Lucene search

K
gentooGentoo FoundationGLSA-201502-03
HistoryFeb 07, 2015 - 12:00 a.m.

BIND: Multiple Vulnerabilities

2015-02-0700:00:00
Gentoo Foundation
security.gentoo.org
17

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.877 High

EPSS

Percentile

98.7%

Background

BIND (Berkeley Internet Name Domain) is a Name Server.

Description

Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker can cause a denial of service condition by the lack of GeoIP databases, or via a large or infinite number of referrals.

Workaround

There is no known workaround at this time.

Resolution

All bind users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.1_p1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-dns/bind< 9.10.1_p1UNKNOWN

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.877 High

EPSS

Percentile

98.7%