HIGH
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.opensuse.org/opensuse-updates/2012-08/msg00013.html
http://lists.opensuse.org/opensuse-updates/2012-08/msg00015.html
http://rhn.redhat.com/errata/RHSA-2012-1122.html
http://rhn.redhat.com/errata/RHSA-2012-1123.html
http://secunia.com/advisories/51096
http://support.apple.com/kb/HT5880
http://www.debian.org/security/2012/dsa-2517
http://www.securitytracker.com/id?1027296
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004
OR
cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
OR
cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*
OR
cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.2:rc1:*:*:*:*:*:*
OR
cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*
OR
cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*
OR
cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*
OR
cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | critical |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | critical |
| 91739 | OracleVM 3.2 : bind (OVMSA-2016-0055) | Nessus | OracleVM Local Security Checks | high |
| 89039 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check) | Nessus | Misc. | high |
| 80596 | Oracle Solaris Third-Party Patch Update : bind (cve_2012_3817_denial_of) | Nessus | Solaris Local Security Checks | high |
| 78146 | F5 Networks BIG-IP : BIND vulnerability (SOL14316) | Nessus | F5 Networks Local Security Checks | high |
| 74953 | openSUSE Security Update : bind (openSUSE-SU-2013:0605-1) | Nessus | SuSE Local Security Checks | high |
| 74703 | openSUSE Security Update : bind (openSUSE-SU-2012:0969-1) | Nessus | SuSE Local Security Checks | high |
| 74702 | openSUSE Security Update : bind (openSUSE-SU-2012:0971-1) | Nessus | SuSE Local Security Checks | high |
| 8008 | Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004) | Nessus Network Monitor | Web Clients | critical |
| 69878 | Mac OS X Multiple Vulnerabilities (Security Update 2013-004) | Nessus | MacOS X Local Security Checks | critical |
| 69877 | Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 69603 | Amazon Linux AMI : bind (ALAS-2012-113) | Nessus | Amazon Linux Local Security Checks | high |
| 68587 | Oracle Linux 5 / 6 : bind (ELSA-2012-1123) | Nessus | Oracle Linux Local Security Checks | high |
| 68586 | Oracle Linux 5 : bind97 (ELSA-2012-1122) | Nessus | Oracle Linux Local Security Checks | high |
| 67091 | CentOS 5 / 6 : bind (CESA-2012:1123) | Nessus | CentOS Local Security Checks | high |
| 67090 | CentOS 5 : bind97 (CESA-2012:1122) | Nessus | CentOS Local Security Checks | high |
| 66516 | Juniper Junos DNSSEC Validation DoS (PSN-2013-04-918) | Nessus | Junos Local Security Checks | high |
| 6807 | ISC BIND 9 Multiple DoS | Nessus Network Monitor | DNS Servers | high |
| 64113 | SuSE 11.1 / 11.2 Security Update : bind (SAT Patch Numbers 6604 / 6605) | Nessus | SuSE Local Security Checks | high |
| 63167 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2012-341-01) | Nessus | Slackware Local Security Checks | high |
| 62944 | VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console | Nessus | VMware ESX Local Security Checks | high |
| 62237 | GLSA-201209-04 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 61969 | Mandriva Linux Security Advisory : bind (MDVSA-2012:119) | Nessus | Mandriva Local Security Checks | high |
| 61728 | SuSE 10 Security Update : bind (ZYPP Patch Number 8237) | Nessus | SuSE Local Security Checks | high |
| 61468 | Fedora 16 : bind-9.8.3-3.P2.fc16 (2012-11153) | Nessus | Fedora Local Security Checks | high |
| 61467 | Fedora 17 : bind-9.9.1-5.P2.fc17 (2012-11146) | Nessus | Fedora Local Security Checks | high |
| 61443 | FreeBSD : FreeBSD -- named(8) DNSSEC validation Denial of Service (0f020b7b-e033-11e1-90a2-000c299b62e1) | Nessus | FreeBSD Local Security Checks | high |
| 60160 | RHEL 5 / 6 : bind (RHSA-2012:1123) | Nessus | Red Hat Local Security Checks | high |
| 60159 | RHEL 5 : bind97 (RHSA-2012:1122) | Nessus | Red Hat Local Security Checks | high |
| 60156 | Debian DSA-2517-1 : bind9 - denial of service | Nessus | Debian Local Security Checks | high |
| 60136 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : bind9 vulnerability (USN-1518-1) | Nessus | Ubuntu Local Security Checks | high |
| 60120 | ISC BIND 9 Multiple Denial of Service Vulnerabilities | Nessus | DNS | high |
| 60114 | FreeBSD : dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure (0bc67930-d5c3-11e1-bef6-0024e81297ae) | Nessus | FreeBSD Local Security Checks | high |