OSV:DSA-2130-1 (Google OSV)
Dec 10, 2010 - 12:00 a.m.

bind9 - denial of service

Google
osv.dev

EPSS: 0.054 (percentile: 93.2%)

Several remote vulnerabilities have been discovered in BIND, an
implementation of the DNS protocol suite. The Common Vulnerabilities
and Exposures project identifies the following problems:

  • CVE-2010-3762
    When DNSSEC validation is enabled, BIND does not properly
    handle certain bad signatures if multiple trust anchors exist
    for a single zone, which allows remote attackers to cause a
    denial of service (server crash) via a DNS query.
  • CVE-2010-3614
    BIND does not properly determine the security status of an NS
    RRset during a DNSKEY algorithm rollover, which may lead to
    zone unavailability during rollovers.
  • CVE-2010-3613
    BIND does not properly handle the combination of signed
    negative responses and corresponding RRSIG records in the
    cache, which allows remote attackers to cause a denial of
    service (server crash) via a query for cached data.

In addition, this security update improves compatibility with
previously installed versions of the bind9 package. As a result, it
is necessary to initiate the update with "apt-get dist-upgrade"
instead of "apt-get update".

For the stable distribution (lenny), these problems have been fixed in
version 1:9.6.ESV.R3+dfsg-0+lenny1.

For the upcoming stable distribution (squeeze) and the unstable
distribution (sid), these problems have been fixed in version
1:9.7.2.dfsg.P3-1.

We recommend that you upgrade your bind9 packages.