Lucene search

[email protected]CVE-2010-3613

HistoryDec 06, 2010 - 1:44 p.m.

CVE-2010-3613

2010-12-0613:44:54

CWE-264

[email protected]

web.nvd.nist.gov

In Wild

isc bind

denial of service

vulnerability

nvd

cve-2010-3613

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

8.2 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.

Affected configurations

NVD

Node

iscbindMatch9.6esv

iscbindMatch9.6r1esv

iscbindMatch9.6r2esv

iscbindMatch9.6.2

iscbindMatch9.6.2b1

iscbindMatch9.6.2p1

iscbindMatch9.6.2p2

iscbindMatch9.7.0

iscbindMatch9.7.0a1

iscbindMatch9.7.0a2

iscbindMatch9.7.0a3

iscbindMatch9.7.0b1

iscbindMatch9.7.0b2

iscbindMatch9.7.0b3

iscbindMatch9.7.0p1

iscbindMatch9.7.0p2

iscbindMatch9.7.0rc1

iscbindMatch9.7.0rc2

iscbindMatch9.7.1

iscbindMatch9.7.1b1

iscbindMatch9.7.1p1

iscbindMatch9.7.1p2

iscbindMatch9.7.1rc1

iscbindMatch9.7.2

iscbindMatch9.7.2p1

iscbindMatch9.7.2p2

CPENameOperatorVersion
isc:bindisc bindeq9.6
isc:bindisc bindeq9.6.2
isc:bindisc bindeq9.7.0
isc:bindisc bindeq9.7.1
isc:bindisc bindeq9.7.2

CPE	Name	Operator	Version
isc:bind	isc bind	eq	9.6
isc:bind	isc bind	eq	9.6.2
isc:bind	isc bind	eq	9.7.0
isc:bind	isc bind	eq	9.7.1
isc:bind	isc bind	eq	9.7.2

References

ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html

lists.vmware.com/pipermail/security-announce/2011/000126.html

marc.info/?l=bugtraq&m=130270720601677&w=2

secunia.com/advisories/42374

secunia.com/advisories/42459

secunia.com/advisories/42522

secunia.com/advisories/42671

secunia.com/advisories/42707

secunia.com/advisories/43141

securitytracker.com/id?1024817

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190

support.apple.com/kb/HT5002

support.avaya.com/css/P8/documents/100124923

www.debian.org/security/2010/dsa-2130

www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

www.isc.org/software/bind/advisories/cve-2010-3613

www.kb.cert.org/vuls/id/706148

www.mandriva.com/security/advisories?name=MDVSA-2010:253

www.osvdb.org/69558

www.redhat.com/support/errata/RHSA-2010-0975.html

www.redhat.com/support/errata/RHSA-2010-0976.html

www.redhat.com/support/errata/RHSA-2010-1000.html

www.securityfocus.com/archive/1/516909/100/0/threaded

www.securityfocus.com/bid/45133

www.ubuntu.com/usn/USN-1025-1

www.vmware.com/security/advisories/VMSA-2011-0004.html

www.vupen.com/english/advisories/2010/3102

www.vupen.com/english/advisories/2010/3103

www.vupen.com/english/advisories/2010/3138

www.vupen.com/english/advisories/2010/3139

www.vupen.com/english/advisories/2010/3140

www.vupen.com/english/advisories/2011/0267

www.vupen.com/english/advisories/2011/0606

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

8.2 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2010-3613

nessus27 cert2 openvas36 centos2 veracode1 ubuntucve1 prion1 oraclelinux3 f52 debiancve1 cvelist1 redhat3 nvd1 ubuntu1 fedora4 securityvulns5 slackware1 osv1 cisa1 debian1 vmware2 gentoo1