Denial Of Service (DoS)

2019-01-1509:06:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

bind is vulnerable to denial of service (DoS) attacks. The vulnerability exists as name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

CPENameOperatorVersion
bindeq9.7.0__5.P2.el6
bindeq9.7.0__5.P2.el6_0.1
bindeq9.8.2__0.10.rc1.el6_3.4
bindeq9.7.3__8.P3.el6_2.3
bindeq9.8.2__0.17.rc1.el6.3
bindeq9.8.2__0.30.rc1.el6
bindeq9.8.2__0.10.rc1.el6_3.5
bindeq9.7.3__2.el6_1.P1.1
bindeq9.8.2__0.10.rc1.el6_3.2
bindeq9.8.2__0.17.rc1.el6_4.4

Name	Operator	Version
bind	eq	9.7.0__5.P2.el6
bind	eq	9.7.0__5.P2.el6_0.1
bind	eq	9.8.2__0.10.rc1.el6_3.4
bind	eq	9.7.3__8.P3.el6_2.3
bind	eq	9.8.2__0.17.rc1.el6.3
bind	eq	9.8.2__0.30.rc1.el6
bind	eq	9.8.2__0.10.rc1.el6_3.5
bind	eq	9.7.3__2.el6_1.P1.1
bind	eq	9.8.2__0.10.rc1.el6_3.2
bind	eq	9.8.2__0.17.rc1.el6_4.4