SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1027529
SecurityTracker URL:  http://securitytracker.com/id/1027529
CVE Reference:   CVE-2012-4244   (Links to External Site)
Date:  Sep 13 2012
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 9.0.x -> 9.6.x, 9.4-ESV->9.4-ESV-R5-P1, 9.6-ESV->9.6-ESV-R7-P2, 9.7.0->9.7.6-P2, 9.8.0->9.8.3-P2, 9.9.0->9.9.1-P2
Description:   A vulnerability was reported in ISC BIND. A remote user can cause denial of service conditions.

A remote user can send a query for a record that has RDATA in excess of 65535 bytes to cause named to exit.

This can be exploited against recursive servers by causing the server to query for records provided by an authoritative server.

Authoritative servers are affected if a zone containing a specially crafted resource record is loaded from file or provided via zone transfer.

Impact:   A remote user can cause the target named service to crash.
Solution:   The vendor has issued a fix (9.7.6-P3, 9.7.7, 9.6-ESV-R7-P3, 9.6-ESV-R8, 9.8.3-P3, 9.8.4, 9.9.1-P3, 9.9.2).

The vendor's advisory is available at:

https://kb.isc.org/article/AA-00778/74

Vendor URL:  kb.isc.org/article/AA-00778/74 (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 14 2012 (Red Hat Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for bind97 for Red Hat Enterprise Linux 5.
Sep 14 2012 (Red Hat Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Sep 14 2012 (Red Hat Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Oct 5 2012 (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
McAfee has issued a fix for McAfee Firewall Enterprise.
Oct 11 2012 (Oracle Issues Fix for Solaris) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
Oracle has issued a fix for Solaris 9, 10, and 11.
Oct 12 2012 (Red Hat Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 4.
Nov 23 2012 (FreeBSD Issues Fix) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
FreeBSD has issued a fix for FreeBSD 7.4, 8.3, 9.0, and 9.1.
Feb 12 2013 (F5 Issues Fix for F5 Enterprise Manager) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
F5 has issued a fix for F5 Enterprise Manager.
Feb 12 2013 (F5 Issues Fix for BIG-IP) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
F5 has issued a fix for F5 BIG-IP.
Dec 28 2013 (Infoblox Issues Fix for Infoblox NIOS) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
Infoblox has issued a fix for Infoblox NIOS.
Dec 17 2014 (HP Issues Fix for TCP/IP Services for OpenVMS) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for TCP/IP Services for OpenVMS.
Jan 29 2016 (HP Issues Fix for OpenVMS) ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
HP has issued a fix for OpenVMS.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC