Input validation error in ISC BIND - CVE-2011-4313

 


Published: November 29, 2011 / Updated: August 4, 2020


Vulnerability identifier: #VU33961
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-4313
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ISC
Affected software:
ISC BIND

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to cause a denial of service.

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.


How to mitigate CVE-2011-4313

Install the update from the vendor's website.

Sources