CVE-2010-3762

Name of the Vulnerable Software and Affected Versions ISC BIND versions prior to 9.7.2-P2 libisccc50 (affected versions not specified) libisccfg50 (affected versions not specified) liblwres50 (affected versions not specified) libdns58 (affected versions not specified)

Description The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including ISC BIND, which can lead to disruption of integrity and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, when DNSSEC validation is enabled in ISC BIND, it does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, allowing remote attackers to cause a denial of service via a DNS query.

Recommendations For ISC BIND versions prior to 9.7.2-P2, update to version 9.7.2-P2 or later to resolve the issue. For libisccc50, libisccfg50, liblwres50, and libdns58, at the moment, there is no information about a newer version that contains a fix for this vulnerability.