SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1027642
SecurityTracker URL:  http://securitytracker.com/id/1027642
CVE Reference:   CVE-2012-5166
Date:  Oct 11 2012
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.2.x -> 9.6.x, 9.4-ESV -> 9.4-ESV-R5-P1, 9.6-ESV -> 9.6-ESV-R7-P3, 9.7.0 -> 9.7.6-P3, 9.8.0 -> 9.8.3-P3, 9.9.0 -> 9.9.1-P3
Description:   A vulnerability was reported in ISC BIND. A remote user can cause denial of service conditions.

A remote user can send a request for a record that has been loaded with specific combinations of RDATA to cause the named service (the BIND server daemon) on the target to lock up.

This can be exploited against recursive servers by causing the target recursive server to query for records provided by an authoritative server.

Jake Montgomery of Dyn, Inc. reported this vulnerability.

Impact:   A remote user can cause the target service to lock up and fail to respond to queries or control commands.
Solution:   The vendor has issued a fix (9.6-ESV-R8, 9.6-ESV-R7-P4, 9.7.7, 9.7.6-P4, 9.8.4, 9.8.3-P4, 9.9.2, 9.9.1-P4).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-00801

Vendor URL:  kb.isc.org/article/AA-00801
Cause:   State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 12 2012 (Red Hat Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Oct 12 2012 (Red Hat Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 4.
Oct 12 2012 (Red Hat Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for bind97 for Red Hat Enterprise Linux 5.
Oct 19 2012 (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
McAfee has issued a fix for McAfee Firewall Enterprise.
Oct 24 2012 (IBM Issues Fix for AIX) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
IBM has issued a fix for IBM AIX.
Oct 24 2012 (Oracle Issues Fix for Solaris) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Solaris.
Nov 23 2012 (FreeBSD Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 7.4, 8.3, 9.0, and 9.1.
Feb 12 2013 (F5 Issues Fix for F5 Enterprise Manager) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
F5 has issued a fix for F5 Enterprise Manager.
Feb 12 2013 (F5 Issues Fix for BIG-IP) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
F5 has issued a fix for F5 BIG-IP.



 Source Message Contents

Date:  Thu, 11 Oct 2012 05:48:37 +0000
Subject:  ISC BIND


https://kb.isc.org/article/AA-00801

CVE-2012-5166: Specially crafted DNS data can cause a lockup in named 
 
 


Copyright 2014, SecurityGlobal.net LLC