Lucene search

K

Tenable5718.PRM

HistoryDec 01, 2010 - 12:00 a.m.

ISC BIND 9.4-ESV < 9.4-ESV-R4 / 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV-R3 / 9.7.x < 9.7.2-P3 Multiple Vulnerabilities

2010-12-0100:00:00

Tenable

www.tenable.com

10

The remote host is running BIND, and open source name server.

Versions of BIND 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV < R3, and 9.7.x < 9.7.2-P3 are potentially affected by multiple vulnerabilities :

Failure to clear existing RRSIG records when a NO DATA is negatively cached could cause subsequent lookups to crash named. (CVE-2010-3613)
Named, when acting as a DNSSEC validating resolver, could incorrectly mark zone data as insecure when the zone being queried is undergoing a key algorithm rollover. (CVE-2010-3614)
Using ‘allow-query’ in the ‘options’ or ‘view’ statements to restrict access to authorize zones has no effect. (CVE-2010-3615)

Binary data 5718.prm

VendorProductVersionCPE
iscbindcpe:/a:isc:bind

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615

ftp://ftp.isc.org/isc/bind9/9.4-ESV-R4/RELEASE-NOTES-BIND-9.4-ESV-R4.html

ftp://ftp.isc.org/isc/bind9/9.6-ESV-R3/RELEASE-NOTES-BIND-9.6-ESV-R3.html

ftp://ftp.isc.org/isc/bind9/9.6.2-P3/RELEASE-NOTES-BIND-9.6.2-P3.html

ftp://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html

www.isc.org/software/bind/advisories/cve-2010-3613

www.isc.org/software/bind/advisories/cve-2010-3614

www.isc.org/software/bind/advisories/cve-2010-3615

Related for 5718.PRM

fedora4 nessus26 openvas37 slackware1 cisa1 securityvulns5 ubuntu1 redhat3 oraclelinux3 cert3 debian1 centos2 osv1 gentoo1 f56 veracode2 debiancve3 ubuntucve3 prion3 cve3 vmware2 nmap1