Executive Summary

Information
Name: CVE-2012-3429
First vendor publication: 2012-08-07
Vendor: Cve
Last vendor modification: 2017-08-29

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS base score: 5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3429

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21570
 
Oval ID: oval:org.mitre.oval:def:21570
Title: RHSA-2012:1139: bind-dyndb-ldap security update (Important)
Description: The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
Family: unix Class: patch
Reference(s): RHSA-2012:1139-01
CESA-2012:1139
CVE-2012-3429
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): bind-dyndb-ldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23991
 
Oval ID: oval:org.mitre.oval:def:23991
Title: ELSA-2012:1139: bind-dyndb-ldap security update (Important)
Description: The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
Family: unix Class: patch
Reference(s): ELSA-2012:1139-01
CVE-2012-3429
Version: 6
Platform(s): Oracle Linux 6
Product(s): bind-dyndb-ldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27546
 
Oval ID: oval:org.mitre.oval:def:27546
Title: DEPRECATED: ELSA-2012-1139 -- bind-dyndb-ldap security update (important)
Description: [1.1.0-0.9.b1.1] - fix CVE-2012-3429
Family: unix Class: patch
Reference(s): ELSA-2012-1139
CVE-2012-3429
Version: 4
Platform(s): Oracle Linux 6
Product(s): bind-dyndb-ldap
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 9

OpenVAS Exploits

Date Description
2012-10-23 Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_bind-dyndb-ldap_fc17.nasl
2012-10-23 Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_bind-dyndb-ldap_fc16.nasl
2012-08-30 Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-11470
File : nvt/gb_fedora_2012_11470_bind-dyndb-ldap_fc17.nasl
2012-08-21 Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-11464
File : nvt/gb_fedora_2012_11464_bind-dyndb-ldap_fc16.nasl
2012-08-03 Name : CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6
File : nvt/gb_CESA-2012_1139_bind-dyndb-ldap_centos6.nasl
2012-08-03 Name : RedHat Update for bind-dyndb-ldap RHSA-2012:1139-01
File : nvt/gb_RHSA-2012_1139-01_bind-dyndb-ldap.nasl

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2012-1139.nasl - Type : ACT_GATHER_INFO
2012-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-11464.nasl - Type : ACT_GATHER_INFO
2012-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-11470.nasl - Type : ACT_GATHER_INFO
2012-08-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120803_bind_dyndb_ldap_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-03 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2012-1139.nasl - Type : ACT_GATHER_INFO
2012-08-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1139.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/54787
CONFIRM http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c29...
MISC https://bugzilla.redhat.com/show_bug.cgi?id=842466
MLIST http://www.openwall.com/lists/oss-security/2012/08/02/5
REDHAT http://rhn.redhat.com/errata/RHSA-2012-1139.html
SECTRACK http://www.securitytracker.com/id?1027341
SECUNIA http://secunia.com/advisories/50086
http://secunia.com/advisories/50159
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/77391

Alert History

Date Information
2021-05-04 12:21:05
  • Multiple Updates
2021-04-22 01:25:12
  • Multiple Updates
2020-05-23 01:49:14
  • Multiple Updates
2020-05-23 00:34:10
  • Multiple Updates
2017-08-29 09:23:56
  • Multiple Updates
2016-04-26 22:04:31
  • Multiple Updates
2014-02-17 11:11:41
  • Multiple Updates
2013-05-10 22:42:30
  • Multiple Updates