Lucene search

K

Gentoo FoundationMGASA-2014-0013

HistoryJan 17, 2014 - 4:39 a.m.

Updated bind package fixes security vulnerability

2014-01-1704:39:03

Gentoo Foundation

advisories.mageia.org

11

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.637 Medium

EPSS

Percentile

97.8%

Updated bind packages fix security vulnerability: Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an “INSIST” failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones (CVE-2014-0591).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchbind< 9.9.4.P2-1bind-9.9.4.P2-1.mga3

References

bugs.mageia.org/show_bug.cgi?id=12296

kb.isc.org/article/AA-01078

kb.isc.org/article/AA-01080

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.637 Medium

EPSS

Percentile

97.8%