Summary
ISC BIND is prone to multiple vulnerabilities.
1. A remote denial-of-service vulnerability exists because the software fails to handle certain bad signatures in a DNS query. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users.
2. A security-bypass vulnerability. Successfully exploiting this issue allows remote attackers to bypass zone-and-view Access Control Lists (ACLs) to perform unintended queries.
Versions prior to BIND 9.7.2-P2 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
- http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
- http://support.avaya.com/css/P8/documents/100124923
- http://www.isc.org/products/BIND/
- https://www.isc.org/software/bind/advisories/cve-2010-3615
- https://www.redhat.com/security/data/cve/CVE-2010-3762.html
- https://www.securityfocus.com/bid/45015
- https://www.securityfocus.com/bid/45385
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-3762, CVE-2010-4172
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N