#VU33963 Input validation error in ISC BIND


Published: 2011-05-31 | Updated: 2020-08-04

Vulnerability identifier: #VU33963

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-1910

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ISC BIND
Server applications / DNS servers

Vendor: ISC

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.

Mitigation
Install update from vendor's website.

Vulnerable software versions

ISC BIND: 4.9.2 - 9.7.3

External links
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html
http://marc.info/?l=bugtraq&m=142180687100892&w=2
http://osvdb.org/72540
http://secunia.com/advisories/44677
http://secunia.com/advisories/44719
http://secunia.com/advisories/44741
http://secunia.com/advisories/44744
http://secunia.com/advisories/44758
http://secunia.com/advisories/44762
http://secunia.com/advisories/44783
http://secunia.com/advisories/44929
http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.685026
http://support.apple.com/kb/HT5002
http://www.debian.org/security/2011/dsa-2244
http://www.kb.cert.org/vuls/id/795694
http://www.mandriva.com/security/advisories?name=MDVSA-2011:104
http://www.redhat.com/support/errata/RHSA-2011-0845.html
http://www.securityfocus.com/bid/48007
http://www.securitytracker.com/id?1025572
http://bugzilla.redhat.com/show_bug.cgi?id=708301
http://hermes.opensuse.org/messages/8699912
http://www.isc.org/software/bind/advisories/cve-2011-1910

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Input validation error in bind (Alpine package)
Input validation error in ISC BIND
Slackware Linux update for bind