Executive Summary
Summary | |
---|---|
Title | Bind vulnerability |
Information | |||
---|---|---|---|
Name | USN-1070-1 | First vendor Publication | 2011-02-23 |
Vendor | Ubuntu | Last vendor Modification | 2011-02-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 10.10:

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that Bind incorrectly handled IXFR transfers and dynamic updates while under heavy load when used as an authoritative server. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
Original Source
Url : http://www.ubuntu.com/usn/USN-1070-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12628 | |||
Oval ID: | oval:org.mitre.oval:def:12628 | ||
Title: | DSA-2208-2 bind9 -- denial of service | ||
Description: | The BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains. Configurations not using DNSSEC validations are not affected by this issue. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2208-2 CVE-2011-0414 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bind9 |
Definition Id: oval:org.mitre.oval:def:12924 | |||
Oval ID: | oval:org.mitre.oval:def:12924 | ||
Title: | DSA-2208-1 bind9 -- denial of service | ||
Description: | It was discovered that BIND, a DNS server, contains a race condition when processing zone updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer. Such an update while processing a query could result in deadlock and denial of service. In addition, this security update addresses a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains. This workaround applies to the version in oldstable, too. Configurations not using DNSSEC validations are not affected by this second issue. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2208-1 CVE-2011-0414 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | bind9 |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-01 (bind) File : nvt/glsa_201206_01.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2208-1 (bind9) File : nvt/deb_2208_1.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2208-2 (bind9) File : nvt/deb_2208_2.nasl |
2011-02-28 | Name : Ubuntu Update for bind9 vulnerability USN-1070-1 File : nvt/gb_ubuntu_USN_1070_1.nasl |
2011-02-23 | Name : ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability File : nvt/gb_bind_46491.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72539 | ISC BIND Authoritative Server Crafted IXFR / DDNS Query Update Deadlock DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-21 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_bind-110224.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-01.nasl - Type : ACT_GATHER_INFO |
2011-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2208.nasl - Type : ACT_GATHER_INFO |
2011-02-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1070-1.nasl - Type : ACT_GATHER_INFO |
2011-02-23 | Name : The remote name server is affected by a denial of service vulnerability. File : bind9_973.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:58:19 |