PT-2012-3429 · Isc+5 · Isc Bind+5

Published

2012-06-05

Updated

2024-06-15

CVE-2012-1667

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions ISC BIND versions 9.4-ESV through 9.6-ESV-R7-P1 ISC BIND versions 9.7.x through 9.7.6-P1 ISC BIND versions 9.8.x through 9.8.3-P1 ISC BIND versions 9.9.x through 9.9.1-P1

Description The issue arises from improper handling of resource records with a zero-length RDATA section, allowing remote DNS servers to cause a denial of service, such as daemon crash or data corruption, or obtain sensitive information from process memory via a specifically crafted record.

Recommendations For ISC BIND versions 9.4-ESV through 9.6-ESV-R7-P1, update to version 9.6-ESV-R7-P1 or later. For ISC BIND versions 9.7.x through 9.7.6-P1, update to version 9.7.6-P1 or later. For ISC BIND versions 9.8.x through 9.8.3-P1, update to version 9.8.3-P1 or later. For ISC BIND versions 9.9.x through 9.9.1-P1, update to version 9.9.1-P1 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CESA-2012_0716

CVE-2012-1667

DSA-2486-1

HPSBUX02795

OPENSUSE-SU-2012_0722-1

OPENSUSE-SU-2024:10467-1

RHSA-2012:0716

RHSA-2012:0717

RHSA-2012:1110

RHSA-2012_0716

RHSA-2012_0717

SUSE-SU-2012_0741-1

SUSE-SU-2012_0741-2

SUSE-SU-2012_0741-3

SUSE-SU-2012_0741-4

SUSE-SU-2012_0741-5

SUSE-SU-2015:0011-2

SUSE-SU-2015:0480-1

Affected Products

Bind Server

Centos

Hp-Ux

Isc Bind

Red Hat

Suse

PT-2012-3429 · Isc+5 · Isc Bind+5

CVE-2012-1667

Weakness Enumeration

Related Identifiers

Affected Products

References · 85