National Cyber Awareness System

Vulnerability Summary for CVE-2011-1910

Overview

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#795694

Name: VU#795694

Hyperlink:http://www.kb.cert.org/vuls/id/795694

External Source: CONFIRM

Name: https://www.isc.org/software/bind/advisories/cve-2011-1910

Type: Advisory

Hyperlink:https://www.isc.org/software/bind/advisories/cve-2011-1910

External Source: SUSE

Name: openSUSE-SU-2011:0603

Hyperlink:https://hermes.opensuse.org/messages/8699912

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=708301

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=708301

External Source: SECTRACK

Name: 1025572

Hyperlink:http://www.securitytracker.com/id?1025572

External Source: BID

Name: 48007

Hyperlink:http://www.securityfocus.com/bid/48007

External Source: REDHAT

Name: RHSA-2011:0845

Hyperlink:http://www.redhat.com/support/errata/RHSA-2011-0845.html

External Source: MANDRIVA

Name: MDVSA-2011:104

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:104

External Source: DEBIAN

Name: DSA-2244

Hyperlink:http://www.debian.org/security/2011/dsa-2244

External Source: CONFIRM

Name: http://support.apple.com/kb/HT5002

Hyperlink:http://support.apple.com/kb/HT5002

External Source: SLACKWARE

Name: SSA:2011-147-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.685026

External Source: FREEBSD

Name: FreeBSD-SA-11:02

Hyperlink:http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc

External Source: SECUNIA

Name: 44929

Hyperlink:http://secunia.com/advisories/44929

External Source: SECUNIA

Name: 44783

Hyperlink:http://secunia.com/advisories/44783

External Source: SECUNIA

Name: 44762

Hyperlink:http://secunia.com/advisories/44762

External Source: SECUNIA

Name: 44758

Hyperlink:http://secunia.com/advisories/44758

External Source: SECUNIA

Name: 44744

Hyperlink:http://secunia.com/advisories/44744

External Source: SECUNIA

Name: 44741

Hyperlink:http://secunia.com/advisories/44741

External Source: SECUNIA

Name: 44719

Type: Advisory

Hyperlink:http://secunia.com/advisories/44719

External Source: SECUNIA

Name: 44677

Hyperlink:http://secunia.com/advisories/44677

External Source: OSVDB

Name: 72540

Hyperlink:http://osvdb.org/72540

External Source: FEDORA

Name: FEDORA-2011-7621

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html

External Source: FEDORA

Name: FEDORA-2011-7602

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html

External Source: FEDORA

Name: FEDORA-2011-7617

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html

External Source: APPLE

Name: APPLE-SA-2011-10-12-3

Hyperlink:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html