SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1026335
SecurityTracker URL:  http://securitytracker.com/id/1026335
CVE Reference:   CVE-2011-4313   (Links to External Site)
Date:  Nov 17 2011
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.4-ESV, 9.6-ESV, 9.7.x, 9.8.x
Description:   A vulnerability was reported in ISC BIND. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to cause the target BIND service to cache an invalid record. A subsequent query can trigger an error in 'query.c' and cause BIND to crash.
Impact:   A remote user can cause the target BIND service to crash.
Solution:   The vendor has issued a fix (9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1).

The vendor's advisory is available at:

https://www.isc.org/software/bind/advisories/cve-2011-4313
Vendor URL:  www.isc.org/software/bind/advisories/cve-2011-4313 (Links to External Site)
Cause:   State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 17 2011 (Red Hat Issues Fix) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Nov 17 2011 (Red Hat Issues Fix) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for bind97 for Red Hat Enterprise Linux 5.
Nov 22 2011 (IBM Issues Fix for AIX) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
IBM has issued a fix for AIX.
Nov 29 2011 (Oracle Issues Fix for Solaris) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Solaris 8, 9, 10, and 11.
Nov 29 2011 (Red Hat Issues Fix) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 4.
Dec 17 2011 (NetBSD Issues Fix) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
NetBSD has issued a fix for NetBSD 4.0, 5.0, and 5.1.
Dec 23 2011 (FreeBSD Issues Fix) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 7.3, 7.4, 8.1, 8.2, and 9.0-RC3.
Dec 29 2011 (IBM Issues Fix for AIX) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
IBM has issued a fix for AIX 5.3, 6.1, and 7.1.
Jun 14 2012 (HP Issues Fix for OpenVMS) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
HP has issued a fix for OpenVMS.
Sep 20 2012 (HP Issues Fix for HP-UX) ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
HP has issued a fix for HP-UX.


 Source Message Contents
Date:  Thu, 17 Nov 2011 07:08:39 +0000
Subject:  BIND


https://www.isc.org/software/bind/advisories/cve-2011-4313

CVE-2011-4313


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC