PT-2011-3470 · Isc+3 · Isc Bind+3
Published
2011-05-31
·
Updated
2024-06-15
·
CVE-2011-1910
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
ISC BIND versions prior to 9.7.3-P1
ISC BIND 9.8.x versions prior to 9.8.0-P2
ISC BIND 9.4-ESV versions prior to 9.4-ESV-R4-P1
ISC BIND 9.6-ESV versions prior to 9.6-ESV-R4-P1
Description
The issue is caused by an off-by-one error in named, allowing remote DNS servers to cause a denial of service through a negative response containing large RRSIG RRsets, resulting in an assertion failure and daemon exit.
Recommendations
For ISC BIND versions prior to 9.7.3-P1, update to version 9.7.3-P1 or later.
For ISC BIND 9.8.x versions prior to 9.8.0-P2, update to version 9.8.0-P2 or later.
For ISC BIND 9.4-ESV versions prior to 9.4-ESV-R4-P1, update to version 9.4-ESV-R4-P1 or later.
For ISC BIND 9.6-ESV versions prior to 9.6-ESV-R4-P1, update to version 9.6-ESV-R4-P1 or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bind Server
Hp-Ux
Isc Bind
Red Hat