Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2012-5166First vendor Publication2012-10-10
VendorCveLast vendor Modification2017-09-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score7.8Attack RangeNetwork
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166

CWE : Common Weakness Enumeration

%idName
100 %CWE-189Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21307
 
Oval ID: oval:org.mitre.oval:def:21307
Title: RHSA-2012:1363: bind security update (Important)
Description: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Family: unix Class: patch
Reference(s): RHSA-2012:1363-01
CESA-2012:1363
CVE-2012-5166
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21231
 
Oval ID: oval:org.mitre.oval:def:21231
Title: RHSA-2012:1364: bind97 security update (Important)
Description: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Family: unix Class: patch
Reference(s): RHSA-2012:1364-00
CESA-2012:1364
CVE-2012-5166
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): bind97
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20024
 
Oval ID: oval:org.mitre.oval:def:20024
Title: DSA-2560-1 bind9 - denial of service
Description: It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present. This vulnerability affects both recursive and authoritative servers.
Family: unix Class: patch
Reference(s): DSA-2560-1
CVE-2012-5166
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19809
 
Oval ID: oval:org.mitre.oval:def:19809
Title: HP-UX Running BIND, Remote Denial of Service (DoS), Authentication Bypass
Description: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5166
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19706
 
Oval ID: oval:org.mitre.oval:def:19706
Title: Vulnerability in AIX bind
Description: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5166
Version: 5
Platform(s): IBM AIX 5.3
IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18040
 
Oval ID: oval:org.mitre.oval:def:18040
Title: USN-1601-1 -- bind9 vulnerability
Description: Bind could be made to crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1601-1
CVE-2012-5166
Version: 5
Platform(s): Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23643
 
Oval ID: oval:org.mitre.oval:def:23643
Title: ELSA-2012:1363: bind security update (Important)
Description: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Family: unix Class: patch
Reference(s): ELSA-2012:1363-01
CVE-2012-5166
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23403
 
Oval ID: oval:org.mitre.oval:def:23403
Title: ELSA-2012:1364: bind97 security update (Important)
Description: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Family: unix Class: patch
Reference(s): ELSA-2012:1364-00
CVE-2012-5166
Version: 6
Platform(s): Oracle Linux 5
Product(s): bind97
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22810
 
Oval ID: oval:org.mitre.oval:def:22810
Title: DEPRECATED: ELSA-2012:1363: bind security update (Important)
Description: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Family: unix Class: patch
Reference(s): ELSA-2012:1363-01
CVE-2012-5166
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27547
 
Oval ID: oval:org.mitre.oval:def:27547
Title: DEPRECATED: ELSA-2012-1363 -- bind security update (important)
Description: [32:9.8.2-0.10.rc1.5] - fix CVE-2012-5166
Family: unix Class: patch
Reference(s): ELSA-2012-1363
CVE-2012-5166
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): bind
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27135
 
Oval ID: oval:org.mitre.oval:def:27135
Title: DEPRECATED: ELSA-2012-1364 -- bind97 security update (important)
Description: [32:9.7.0-10.P2.4] - fix CVE-2012-5166
Family: unix Class: patch
Reference(s): ELSA-2012-1364
CVE-2012-5166
Version: 4
Platform(s): Oracle Linux 5
Product(s): bind97
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application278

OpenVAS Exploits

DateDescription
2012-12-13Name : SuSE Update for bind openSUSE-SU-2012:1372-1 (bind)
File : nvt/gb_suse_2012_1372_1.nasl
2012-10-29Name : Debian Security Advisory DSA 2560-1 (bind9)
File : nvt/deb_2560_1.nasl
2012-10-23Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_bind-dyndb-ldap_fc17.nasl
2012-10-23Name : Fedora Update for bind FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_bind_fc17.nasl
2012-10-23Name : Fedora Update for dhcp FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_dhcp_fc17.nasl
2012-10-23Name : Fedora Update for dnsperf FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_dnsperf_fc17.nasl
2012-10-23Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_bind-dyndb-ldap_fc16.nasl
2012-10-23Name : Fedora Update for bind FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_bind_fc16.nasl
2012-10-23Name : Fedora Update for dhcp FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_dhcp_fc16.nasl
2012-10-23Name : Fedora Update for dnsperf FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_dnsperf_fc16.nasl
2012-10-16Name : RedHat Update for bind RHSA-2012:1363-01
File : nvt/gb_RHSA-2012_1363-01_bind.nasl
2012-10-16Name : RedHat Update for bind97 RHSA-2012:1364-01
File : nvt/gb_RHSA-2012_1364-01_bind97.nasl
2012-10-16Name : CentOS Update for bind CESA-2012:1363 centos5
File : nvt/gb_CESA-2012_1363_bind_centos5.nasl
2012-10-16Name : CentOS Update for bind CESA-2012:1363 centos6
File : nvt/gb_CESA-2012_1363_bind_centos6.nasl
2012-10-16Name : CentOS Update for bind97 CESA-2012:1364 centos5
File : nvt/gb_CESA-2012_1364_bind97_centos5.nasl
2012-10-13Name : FreeBSD Ports: bind99
File : nvt/freebsd_bind992.nasl
2012-10-11Name : Mandriva Update for bind MDVSA-2012:162 (bind)
File : nvt/gb_mandriva_MDVSA_2012_162.nasl
2012-10-11Name : Ubuntu Update for bind9 USN-1601-1
File : nvt/gb_ubuntu_USN_1601_1.nasl

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-09-19IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373

Nessus® Vulnerability Scanner

DateDescription
2017-04-21Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2016-06-22Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0055.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_bind_20130129_2.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL14201.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-296.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-716.nasl - Type : ACT_GATHER_INFO
2014-01-30Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-34.nasl - Type : ACT_GATHER_INFO
2013-12-03Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U855334.nasl - Type : ACT_GATHER_INFO
2013-09-13Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-138.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1363.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1364.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1365.nasl - Type : ACT_GATHER_INFO
2013-05-01Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U855824.nasl - Type : ACT_GATHER_INFO
2013-05-01Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U857842.nasl - Type : ACT_GATHER_INFO
2013-04-14Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4b79538ba45011e29898001060e06fd4.nasl - Type : ACT_GATHER_INFO
2013-03-28Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U854646.nasl - Type : ACT_GATHER_INFO
2013-03-28Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U854732.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_bind-121015.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IV30365.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IV30366.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IV30367.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IV30368.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IV30364.nasl - Type : ACT_GATHER_INFO
2012-12-07Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2012-341-01.nasl - Type : ACT_GATHER_INFO
2012-10-23Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-15981.nasl - Type : ACT_GATHER_INFO
2012-10-22Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-15965.nasl - Type : ACT_GATHER_INFO
2012-10-22Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-16022.nasl - Type : ACT_GATHER_INFO
2012-10-22Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2560.nasl - Type : ACT_GATHER_INFO
2012-10-16Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121012_bind97_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-10-16Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121012_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-10-16Name : The remote name server may be affected by a denial of service vulnerability.
File : bind9_991_p4.nasl - Type : ACT_GATHER_INFO
2012-10-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1363.nasl - Type : ACT_GATHER_INFO
2012-10-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1364.nasl - Type : ACT_GATHER_INFO
2012-10-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1363.nasl - Type : ACT_GATHER_INFO
2012-10-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1364.nasl - Type : ACT_GATHER_INFO
2012-10-11Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_57a700f912c011e29f86001d923933b6.nasl - Type : ACT_GATHER_INFO
2012-10-11Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-162.nasl - Type : ACT_GATHER_INFO
2012-10-11Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1601-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
AIXAPAR http://www.ibm.com/support/docview.wss?uid=isg1IV30185
http://www.ibm.com/support/docview.wss?uid=isg1IV30247
http://www.ibm.com/support/docview.wss?uid=isg1IV30364
http://www.ibm.com/support/docview.wss?uid=isg1IV30365
http://www.ibm.com/support/docview.wss?uid=isg1IV30366
http://www.ibm.com/support/docview.wss?uid=isg1IV30367
http://www.ibm.com/support/docview.wss?uid=isg1IV30368
APPLE http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
BID http://www.securityfocus.com/bid/55852
CONFIRM http://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc
http://support.apple.com/kb/HT5880
http://www.isc.org/software/bind/advisories/cve-2012-5166
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546....
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/...
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://kb.isc.org/article/AA-00801
DEBIAN http://www.debian.org/security/2012/dsa-2560
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090346...
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090491...
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090586...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2012:162
REDHAT http://rhn.redhat.com/errata/RHSA-2012-1363.html
http://rhn.redhat.com/errata/RHSA-2012-1364.html
http://rhn.redhat.com/errata/RHSA-2012-1365.html
SLACKWARE http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&...
SUSE http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00013.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
DateInformations
2017-09-19 09:25:37
  • Multiple Updates
2017-04-22 13:25:52
  • Multiple Updates
2016-12-07 09:24:10
  • Multiple Updates
2016-09-09 09:23:15
  • Multiple Updates
2016-08-20 09:22:28
  • Multiple Updates
2016-06-28 22:07:26
  • Multiple Updates
2016-06-23 13:29:27
  • Multiple Updates
2016-04-04 21:25:37
  • Multiple Updates
2015-04-04 13:27:20
  • Multiple Updates
2015-01-21 13:25:52
  • Multiple Updates
2014-10-11 13:26:15
  • Multiple Updates
2014-06-14 13:33:49
  • Multiple Updates
2014-02-17 11:14:00
  • Multiple Updates
2013-12-05 17:19:20
  • Multiple Updates
2013-11-25 13:20:34
  • Multiple Updates
2013-11-11 12:40:04
  • Multiple Updates
2013-09-18 13:19:36
  • Multiple Updates
2013-08-20 17:22:34
  • Multiple Updates
2013-06-26 13:19:51
  • Multiple Updates
2013-05-30 13:23:30
  • Multiple Updates
2013-05-10 22:48:10
  • Multiple Updates
2013-04-19 13:20:52
  • Multiple Updates
2013-04-11 13:20:53
  • Multiple Updates
2013-02-22 13:22:22
  • Multiple Updates
2013-01-30 13:23:49
  • Multiple Updates
2013-01-26 13:19:05
  • Multiple Updates
2012-12-19 13:25:56
  • Multiple Updates
2012-12-05 13:19:06
  • Multiple Updates
2012-11-20 13:22:38
  • Multiple Updates