Lucene search
RootSSV:20440HistoryApr 02, 2011 - 12:00 a.m.
Bind 9 竞争条件远程拒绝服务漏洞
2011-04-0200:00:00
Root
www.seebug.org
22
EPSS
0.094
Percentile
94.8%
CVE ID: CVE-2011-0414
BIND是一款开放源码的DNS服务器软件,由美国加州大学Berkeley分校开发和维护的,BIND 9在2000年十月份推出。
BIND9在进行请求的处理时存在竞争条件问题,远程攻击者可利用此漏洞导致进程发生死锁导致拒绝服务的情况。
当Bind被配置为权威服务器时,如果进程在处理查询请求的同时执行DDNS更新和增量区传输(IXFR),则会发生竞争条件导致的死锁。
另外,Bind在处理缓存解析器记录的新DNSSEC DS记录时存在问题,可导致名字解析失败。没有使用DNSSEC验证的配置不受此漏洞影响。
Debian bind9
厂商补丁:
Debian
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
nessus
nessus
Debian DSA-2208-1 : bind9 - denial of service
2011-03-31 00:00:00
Ubuntu 10.10 : bind9 vulnerability (USN-1070-1)
2011-02-24 00:00:00
ISC BIND 9.7.1-9.7.2-P3 IXFR / DDNS Update Combined with High Query Rate DoS
2011-02-23 00:00:00
prion
prion
Code injection
2011-02-23 19:00:00
cisa
cisa
Internet System Consortium Releases BIND Advisory
2011-02-23 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC BIND Release Candidate Denial of service - Ver2 (CVE-2011-0414)
2018-07-01 00:00:00
cvelist
cvelist
CVE-2011-0414
2011-02-23 18:00:00
securityvulns
securityvulns
bin IXFR DoS
2011-02-24 00:00:00
[USN-1070-1] Bind vulnerability
2011-02-24 00:00:00
openvas
openvas
ISC BIND IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
2011-02-23 00:00:00
Debian: Security Advisory (DSA-2208-1)
2011-05-12 00:00:00
Ubuntu Update for bind9 vulnerability USN-1070-1
2011-02-28 00:00:00
threatpost
threatpost
New BIND Bug Can Cause Remote Server DoS
2011-02-25 15:21:44
ubuntucve
ubuntucve
CVE-2011-0414
2011-02-22 00:00:00
debian
debian
[SECURITY] [DSA 2208-1] bind9 security update
2011-03-30 19:24:29
nvd
nvd
CVE-2011-0414
2011-02-23 19:00:01
cve
cve
CVE-2011-0414
2011-02-23 19:00:01
osv
osv
bind9 - denial of service
2011-03-30 00:00:00
bind-9.10.3P4-21.1 on GA media
2024-06-15 00:00:00
debiancve
debiancve
CVE-2011-0414
2011-02-23 19:00:01
ubuntu
ubuntu
Bind vulnerability
2011-02-23 00:00:00
cert
cert
gentoo
gentoo
BIND: Multiple vulnerabilities
2012-06-02 00:00:00