4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.054 Low
EPSS
Percentile
93.0%
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not
properly handle certain bad signatures if multiple trust anchors exist for
a single zone, which allows remote attackers to cause a denial of service
(daemon crash) via a DNS query.
Author | Note |
---|---|
mdeslaur | redhat released updates with change 2869 as fixing it. isc.org says this is a minor issue, setting to “low” |
ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
www.isc.org/community/blog/201010/standardizing-severity-security-vulnerabilities
www.isc.org/software/bind/advisories/cve-2010-3762
launchpad.net/bugs/cve/CVE-2010-3762
nvd.nist.gov/vuln/detail/CVE-2010-3762
security-tracker.debian.org/tracker/CVE-2010-3762
ubuntu.com/security/notices/USN-1139-1
www.cve.org/CVERecord?id=CVE-2010-3762