Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:0683
HistoryMay 21, 2012 - 12:00 a.m.

(RHSA-2012:0683) Important: bind-dyndb-ldap security update

2012-05-2100:00:00
access.redhat.com
10

0.012 Low

EPSS

Percentile

85.5%

JSON

The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates
and internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a
remote attacker were able to send DNS queries to a named server that is
configured to use bind-dyndb-ldap, they could trigger such an error with a
DNS query leveraging bind-dyndb-ldap’s insufficient escaping of the LDAP
base DN (distinguished name). This would result in an invalid LDAP query
that named would retry in a loop, preventing it from responding to other
DNS queries. With this update, bind-dyndb-ldap only attempts to retry one
time when an LDAP search returns an unexpected error. (CVE-2012-2134)

Red Hat would like to thank Ronald van Zantvoort for reporting this issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.

OSVersionArchitecturePackageVersionFilename
RedHat6i686bind-dyndb-ldap-debuginfo< 0.2.0-7.el6_2.1bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.i686.rpm
RedHat6ppc64bind-dyndb-ldap-debuginfo< 0.2.0-7.el6_2.1bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.ppc64.rpm
RedHat6ppc64bind-dyndb-ldap< 0.2.0-7.el6_2.1bind-dyndb-ldap-0.2.0-7.el6_2.1.ppc64.rpm
RedHat6s390xbind-dyndb-ldap-debuginfo< 0.2.0-7.el6_2.1bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.s390x.rpm
RedHat6s390xbind-dyndb-ldap< 0.2.0-7.el6_2.1bind-dyndb-ldap-0.2.0-7.el6_2.1.s390x.rpm
RedHat6srcbind-dyndb-ldap< 0.2.0-7.el6_2.1bind-dyndb-ldap-0.2.0-7.el6_2.1.src.rpm
RedHat6x86_64bind-dyndb-ldap< 0.2.0-7.el6_2.1bind-dyndb-ldap-0.2.0-7.el6_2.1.x86_64.rpm
RedHat6i686bind-dyndb-ldap< 0.2.0-7.el6_2.1bind-dyndb-ldap-0.2.0-7.el6_2.1.i686.rpm
RedHat6x86_64bind-dyndb-ldap-debuginfo< 0.2.0-7.el6_2.1bind-dyndb-ldap-debuginfo-0.2.0-7.el6_2.1.x86_64.rpm

Related

nessus 8
openvas 19
cve 1
centos 1
fedora 7
nvd 1
debiancve 1
oraclelinux 1
veracode 1
cvelist 1
prion 1
nessus
nessus
RHEL 6 : bind-dyndb-ldap (RHSA-2012:0683)
2012-05-22 00:00:00
Scientific Linux Security Update : bind-dyndb-ldap on SL6.x i386/x86_64 (20120521)
2012-08-01 00:00:00
Oracle Linux 6 : bind-dyndb-ldap (ELSA-2012-0683)
2013-07-12 00:00:00
openvas
openvas
Fedora Update for bind-dyndb-ldap FEDORA-2012-6722
2012-05-17 00:00:00
Fedora Update for bind-dyndb-ldap FEDORA-2012-6759
2012-05-17 00:00:00
Oracle: Security Advisory (ELSA-2012-0683)
2015-10-06 00:00:00
cve
cve
CVE-2012-2134
2014-02-26 15:55:08
centos
centos
bind security update
2012-05-21 22:49:33
fedora
fedora
[SECURITY] Fedora 15 Update: bind-dyndb-ldap-1.1.0-0.11.rc1.fc15
2012-05-15 23:24:57
[SECURITY] Fedora 16 Update: bind-dyndb-ldap-1.1.0-0.11.rc1.fc16
2012-05-15 23:24:40
[SECURITY] Fedora 17 Update: bind-dyndb-ldap-1.1.0-0.11.rc1.fc17
2012-05-26 07:58:21
nvd
nvd
CVE-2012-2134
2014-02-26 15:55:08
debiancve
debiancve
CVE-2012-2134
2014-02-26 15:55:08
oraclelinux
oraclelinux
bind-dyndb-ldap security update
2012-05-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:30
cvelist
cvelist
CVE-2012-2134
2014-02-26 15:00:00
prion
prion
Design/Logic Flaw
2014-02-26 15:55:00

0.012 Low

EPSS

Percentile

85.5%

JSON
Related for RHSA-2012:0683
nessus8openvas19cve1centos1fedora7nvd1debiancve1oraclelinux1veracode1cvelist1prion1