SB2012061101 - Input validation error in bind (Alpine package)

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2012-1667)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=c6218a94cd4c77f12a2a44b5d2e4be97ae47ff68
• https://git.alpinelinux.org/aports/commit/?id=fdbd930e1fe4b872f01d3898edff095b2c5b0ae4
• https://git.alpinelinux.org/aports/commit/?id=13ae5bd9ebbaab46652070d10373fbe1feb1eb9a