Debian Lenny DSA-2130-1 High: Remote DoS Threats Fixed in BIND
debian
December 10, 2010
Several remote vulnerabilities have been discovered in BIND, an implementation of the DNS protocol suite
Summary
Several remote vulnerabilities have been discovered in BIND, an
implementation of the DNS protocol suite. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2010-3762
When DNSSEC validation is enabled, BIND does not properly
handle certain bad signatures if multiple trust anchors exist
for a single zone, which allows remote attackers to cause a
denial of service (server crash) via a DNS query.
CVE-2010-3614
BIND does not properly determine the security status of an NS
RRset during a DNSKEY algorithm rollover, which may lead to
zone unavailability during rollovers.
CVE-2010-3613
BIND does not properly handle the combination of signed
negative responses and corresponding RRSIG records in the
cache, which allows remote attackers to cause a denial of
service (server crash) via a query for cached data.
In addition, this security update improves compatibility with
previously installed versions of the bind9 package. As a result, it
is necessary to initiate th...
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!