CVE-2012-1667

HIGH

Description

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

ID	Name	Product	Family	Severity
137170	OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)	Nessus	OracleVM Local Security Checks	critical
99569	OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)	Nessus	OracleVM Local Security Checks	critical
91739	OracleVM 3.2 : bind (OVMSA-2016-0055)	Nessus	OracleVM Local Security Checks	high
89039	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)	Nessus	Misc.	high
86003	F5 Networks BIG-IP : BIND vulnerability (SOL13660)	Nessus	F5 Networks Local Security Checks	high
80593	Oracle Solaris Third-Party Patch Update : bind (cve_2012_1667_denial_of)	Nessus	Solaris Local Security Checks	high
74953	openSUSE Security Update : bind (openSUSE-SU-2013:0605-1)	Nessus	SuSE Local Security Checks	high
74648	openSUSE Security Update : bind (openSUSE-SU-2012:0722-1)	Nessus	SuSE Local Security Checks	high
69691	Amazon Linux AMI : bind (ALAS-2012-84)	Nessus	Amazon Linux Local Security Checks	high
68680	Oracle Linux 4 : bind (ELSA-2012-2028)	Nessus	Oracle Linux Local Security Checks	high
68538	Oracle Linux 5 : bind97 (ELSA-2012-0717)	Nessus	Oracle Linux Local Security Checks	high
68537	Oracle Linux 5 / 6 : bind (ELSA-2012-0716)	Nessus	Oracle Linux Local Security Checks	high
6806	ISC BIND 9 Zero-Length RDATA Section Denial of Service / Information Disclosure	Nessus Network Monitor	DNS Servers	high
64112	SuSE 11.1 Security Update : bind (SAT Patch Number 6388)	Nessus	SuSE Local Security Checks	high
64111	SuSE 11.2 Security Update : bind (SAT Patch Number 6382)	Nessus	SuSE Local Security Checks	high
63724	AIX 5.3 TL 12 : bind9 (IV22625)	Nessus	AIX Local Security Checks	high
63723	AIX 7.1 TL 1 : bind9 (IV22557)	Nessus	AIX Local Security Checks	high
63722	AIX 7.1 TL 0 : bind9 (IV22556)	Nessus	AIX Local Security Checks	high
63721	AIX 6.1 TL 7 : bind9 (IV22555)	Nessus	AIX Local Security Checks	high
63720	AIX 6.1 TL 6 : bind9 (IV22554)	Nessus	AIX Local Security Checks	high
63167	Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2012-341-01)	Nessus	Slackware Local Security Checks	high
62944	VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console	Nessus	VMware ESX Local Security Checks	high
62237	GLSA-201209-04 : BIND: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
6584	Mac OS X 10.8 < 10.8.2 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
6583	Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
62215	Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
62214	Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)	Nessus	MacOS X Local Security Checks	critical
62213	Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)	Nessus	MacOS X Local Security Checks	critical
61325	Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20120607)	Nessus	Scientific Linux Local Security Checks	high
61324	Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20120607)	Nessus	Scientific Linux Local Security Checks	high
59764	Debian DSA-2486-1 : bind9 - denial of service	Nessus	Debian Local Security Checks	high
59749	FreeBSD : FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8) (fc5231b6-c066-11e1-b5e0-000c299b62e1)	Nessus	FreeBSD Local Security Checks	high
59552	SuSE 10 Security Update : bind (ZYPP Patch Number 8169)	Nessus	SuSE Local Security Checks	high
59541	Fedora 15 : bind-9.8.3-2.P1.fc15 (2012-8962)	Nessus	Fedora Local Security Checks	high
59540	Fedora 16 : bind-9.8.3-2.P1.fc16 (2012-8946)	Nessus	Fedora Local Security Checks	high
59507	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2012-166-01)	Nessus	Slackware Local Security Checks	high
59488	Fedora 17 : bind-9.9.1-2.P1.fc17 (2012-8968)	Nessus	Fedora Local Security Checks	high
59446	ISC BIND 9 Zero-Length RDATA Section Denial of Service / Information Disclosure	Nessus	DNS	high
59440	Mandriva Linux Security Advisory : bind (MDVSA-2012:089)	Nessus	Mandriva Local Security Checks	high
59424	RHEL 5 : bind97 (RHSA-2012:0717)	Nessus	Red Hat Local Security Checks	high
59423	RHEL 5 / 6 : bind (RHSA-2012:0716)	Nessus	Red Hat Local Security Checks	high
59414	CentOS 5 : bind97 (CESA-2012:0717)	Nessus	CentOS Local Security Checks	high
59413	CentOS 5 / 6 : bind (CESA-2012:0716)	Nessus	CentOS Local Security Checks	high
59386	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : bind9 vulnerabilities (USN-1462-1)	Nessus	Ubuntu Local Security Checks	high
59361	FreeBSD : dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory (1ecc0d3f-ae8e-11e1-965b-0024e88a8c98)	Nessus	FreeBSD Local Security Checks	high

CVE-2012-1667

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

critical

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high