Input validation error in ISC BIND
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Input validation error
EUVDB-ID: #VU33930
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-5166
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
MitigationInstall update from vendor's website.
Vulnerable software versionsISC BIND: 4.9.2 - 9.7.6-P3
CPE2.3- cpe:2.3:a:isc:isc_bind:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:isc_bind:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:isc_bind:4.9.4:*:*:*:*:*:*:*
https://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc
https://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090346.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090491.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090586.html
https://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html
https://lists.opensuse.org/opensuse-security-announce/2012-10/msg00013.html
https://osvdb.org/86118
https://rhn.redhat.com/errata/RHSA-2012-1363.html
https://rhn.redhat.com/errata/RHSA-2012-1364.html
https://rhn.redhat.com/errata/RHSA-2012-1365.html
https://secunia.com/advisories/50903
https://secunia.com/advisories/50909
https://secunia.com/advisories/50956
https://secunia.com/advisories/51054
https://secunia.com/advisories/51078
https://secunia.com/advisories/51096
https://secunia.com/advisories/51106
https://secunia.com/advisories/51178
https://support.apple.com/kb/HT5880
https://www.debian.org/security/2012/dsa-2560
https://www.ibm.com/support/docview.wss?uid=isg1IV30185
https://www.ibm.com/support/docview.wss?uid=isg1IV30247
https://www.ibm.com/support/docview.wss?uid=isg1IV30364
https://www.ibm.com/support/docview.wss?uid=isg1IV30365
https://www.ibm.com/support/docview.wss?uid=isg1IV30366
https://www.ibm.com/support/docview.wss?uid=isg1IV30367
https://www.ibm.com/support/docview.wss?uid=isg1IV30368
https://www.isc.org/software/bind/advisories/cve-2012-5166
https://www.mandriva.com/security/advisories?name=MDVSA-2012:162
https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://www.securityfocus.com/bid/55852
https://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004
https://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://kb.isc.org/article/AA-00801
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19706
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
