Main Vulnerability Database SB2012061101

SB2012061101 - Input validation error in bind (Alpine package)

Published: June 11, 2012

Security Bulletin ID SB2012061101

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2012-1667)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=c6218a94cd4c77f12a2a44b5d2e4be97ae47ff68
https://git.alpinelinux.org/aports/commit/?id=fdbd930e1fe4b872f01d3898edff095b2c5b0ae4
https://git.alpinelinux.org/aports/commit/?id=13ae5bd9ebbaab46652070d10373fbe1feb1eb9a