PT-2012-3429 · Isc+5 · Isc Bind+5

Publicado

2012-06-05

Atualizado

2024-06-15

CVE-2012-1667

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.4-ESV through 9.6-ESV-R7-P1 ISC BIND versions 9.7.x through 9.7.6-P1 ISC BIND versions 9.8.x through 9.8.3-P1 ISC BIND versions 9.9.x through 9.9.1-P1

Description The issue arises from improper handling of resource records with a zero-length RDATA section, allowing remote DNS servers to cause a denial of service, such as daemon crash or data corruption, or obtain sensitive information from process memory via a specifically crafted record.

Recommendations For ISC BIND versions 9.4-ESV through 9.6-ESV-R7-P1, update to version 9.6-ESV-R7-P1 or later. For ISC BIND versions 9.7.x through 9.7.6-P1, update to version 9.7.6-P1 or later. For ISC BIND versions 9.8.x through 9.8.3-P1, update to version 9.8.3-P1 or later. For ISC BIND versions 9.9.x through 9.9.1-P1, update to version 9.9.1-P1 or later.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CESA-2012_0716

CVE-2012-1667

DSA-2486-1

HPSBUX02795

OPENSUSE-SU-2012_0722-1

OPENSUSE-SU-2024:10467-1

RHSA-2012:0716

RHSA-2012:0717

RHSA-2012:1110

RHSA-2012_0716

RHSA-2012_0717

SUSE-SU-2012_0741-1

SUSE-SU-2012_0741-2

SUSE-SU-2012_0741-3

SUSE-SU-2012_0741-4

SUSE-SU-2012_0741-5

SUSE-SU-2015:0011-2

SUSE-SU-2015:0480-1

Produtos afetados

Bind Server

Centos

Hp-Ux

Isc Bind

Red Hat

Suse

PT-2012-3429 · Isc+5 · Isc Bind+5

CVE-2012-1667

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 85