CVE-2010-3614

Name of the Vulnerable Software and Affected Versions ISC BIND 9.x versions prior to 9.6.2-P3 ISC BIND 9.x versions prior to 9.7.2-P3 ISC BIND 9.4-ESV versions prior to 9.4-ESV-R4 ISC BIND 9.6-ESV versions prior to 9.6-ESV-R3 libdns58 (affected versions not specified) libisccc50 (affected versions not specified) libisccfg50 (affected versions not specified) libisc50 (affected versions not specified) liblwres50 (affected versions not specified) lwresd (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the mentioned packages of the Debian GNU/Linux operating system, which can lead to a disruption of the integrity and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, there is an issue with the named service in ISC BIND 9.x, where it does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, potentially allowing remote attackers to cause a denial of service by triggering a rollover.

Recommendations For ISC BIND 9.x versions prior to 9.6.2-P3, update to version 9.6.2-P3 or later. For ISC BIND 9.x versions prior to 9.7.2-P3, update to version 9.7.2-P3 or later. For ISC BIND 9.4-ESV versions prior to 9.4-ESV-R4, update to version 9.4-ESV-R4 or later. For ISC BIND 9.6-ESV versions prior to 9.6-ESV-R3, update to version 9.6-ESV-R3 or later. For libdns58, libisccc50, libisccfg50, libisc50, liblwres50, and lwresd, at the moment, there is no information about a newer version that contains a fix for this vulnerability.