fkie_cve-2010-3613
Vulnerability from fkie_nvd
Published
2010-12-06 13:44
Modified
2025-04-11 00:51
Severity ?
Summary
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
isc | bind | 9.6 | |
isc | bind | 9.6 | |
isc | bind | 9.6 | |
isc | bind | 9.6.2 | |
isc | bind | 9.6.2 | |
isc | bind | 9.6.2 | |
isc | bind | 9.6.2 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.0 | |
isc | bind | 9.7.1 | |
isc | bind | 9.7.1 | |
isc | bind | 9.7.1 | |
isc | bind | 9.7.1 | |
isc | bind | 9.7.1 | |
isc | bind | 9.7.2 | |
isc | bind | 9.7.2 | |
isc | bind | 9.7.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:bind:9.6:*:*:*:esv:*:*:*", "matchCriteriaId": "6C8BE53C-2A4A-4959-AA97-5ABC04CC0E72", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.6:r1:*:*:esv:*:*:*", "matchCriteriaId": "2677A691-12FF-40D9-90FD-772CE3C5A9B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.6:r2:*:*:esv:*:*:*", "matchCriteriaId": "D8A7089F-C797-4024-AFC1-E0E6458DE848", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EC25639-482D-4574-B43B-497DDD8998B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.6.2:b1:*:*:*:*:*:*", "matchCriteriaId": "C1B514E2-DC9A-4D6D-8D55-908A066872E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.6.2:p1:*:*:*:*:*:*", "matchCriteriaId": "3E8097FD-5728-4C2F-9DD8-8C8F0FB0E00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.6.2:p2:*:*:*:*:*:*", "matchCriteriaId": "9E0E3C04-D9DA-4D41-84CB-56874F8807FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5B178BB5-A0DC-4014-A8CC-D89B0E2F9789", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:a1:*:*:*:*:*:*", "matchCriteriaId": "1922EC10-F75A-41A5-B8AF-CDDCAA07A8B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:a2:*:*:*:*:*:*", "matchCriteriaId": "D243C684-DD10-4F84-8806-A5E9BEBC3204", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:a3:*:*:*:*:*:*", "matchCriteriaId": "B0FC1DDA-B027-47C2-93CD-67013CB56388", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*", "matchCriteriaId": "1BE753CB-A16D-4605-8640-137CD4A2BB16", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:b2:*:*:*:*:*:*", "matchCriteriaId": "037075F9-53E3-4DF6-B5C0-A6D1F5B60E6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:b3:*:*:*:*:*:*", "matchCriteriaId": "886DF882-E3F9-46E9-BC62-0A48292654D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*", "matchCriteriaId": "5B5F1155-78D6-480B-BC0A-1D36B08D2594", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*", "matchCriteriaId": "A11247D0-A33E-4CE5-910A-F38B89C63EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E9478F4E-451D-4B4E-8054-E09522F97C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "87393BF8-9FE3-4501-94CA-A1AA9E38E771", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FC642B5-ACA4-4764-A9F2-3C87D5D8E9E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.1:b1:*:*:*:*:*:*", "matchCriteriaId": "1BD7DAD0-A750-48B1-A354-BB369BAE1C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*", "matchCriteriaId": "A16CE093-38E0-4274-AD53-B807DE72AF91", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*", "matchCriteriaId": "2FB97DEB-A0A4-458C-A94B-46B7264AB0F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFDF6597-7131-4080-BCFC-46032138646C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "881B8C5B-8A66-45AC-85E6-758B8A8153BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*", "matchCriteriaId": "4E2D144E-6A15-4B45-8B15-15B60FB33D71", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*", "matchCriteriaId": "B5690EC8-66C9-4316-BEAB-C218843F7FCC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data." }, { "lang": "es", "value": "named en ISC BIND 9.6.2 anteriores a 9.6.2-P3, 9.6-ESV anteriores a 9.6-ESV-R3, y 9.7.x anteriores a 9.7.2-P3 no maneja apropiadamente la combinaci\u00f3n de respuestas negativas firmadas y los correspondientes registros RRSIG en la cach\u00e9. Lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n de datos de la cach\u00e9." } ], "id": "CVE-2010-3613", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-12-06T13:44:54.033", "references": [ { "source": "cret@cert.org", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc" }, { "source": "cret@cert.org", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html" }, { "source": "cret@cert.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html" }, { "source": "cret@cert.org", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2" }, { "source": "cret@cert.org", "url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42374" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42459" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42522" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/42671" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/42707" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/43141" }, { "source": "cret@cert.org", "url": "http://securitytracker.com/id?1024817" }, { "source": "cret@cert.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190" }, { "source": "cret@cert.org", "url": "http://support.apple.com/kb/HT5002" }, { "source": "cret@cert.org", "url": "http://support.avaya.com/css/P8/documents/100124923" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2010/dsa-2130" }, { "source": "cret@cert.org", "url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/bind/advisories/cve-2010-3613" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/706148" }, { "source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253" }, { "source": "cret@cert.org", "url": "http://www.osvdb.org/69558" }, { "source": "cret@cert.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html" }, { "source": "cret@cert.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html" }, { "source": "cret@cert.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-1000.html" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/45133" }, { "source": "cret@cert.org", "url": "http://www.ubuntu.com/usn/USN-1025-1" }, { "source": "cret@cert.org", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3102" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3103" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3138" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3139" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3140" }, { "source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2011/0267" }, { "source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2011/0606" }, { "source": "cret@cert.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=130270720601677\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1024817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.622190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/css/P8/documents/100124923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2130" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.isc.org/software/bind/advisories/cve-2010-3613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/706148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/69558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0975.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0976.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-1000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1025-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…