CVE-2012-3817

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.

References

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://lists.opensuse.org/opensuse-updates/2012-08/msg00013.html

http://lists.opensuse.org/opensuse-updates/2012-08/msg00015.html

http://rhn.redhat.com/errata/RHSA-2012-1122.html

http://rhn.redhat.com/errata/RHSA-2012-1123.html

http://secunia.com/advisories/51096

http://support.apple.com/kb/HT5880

http://www.debian.org/security/2012/dsa-2517

http://www.securitytracker.com/id?1027296

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004

http://www.ubuntu.com/usn/USN-1518-1

https://kb.isc.org/article/AA-00729

Details

Source: MITRE

Published: 2012-07-25

Updated: 2018-10-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.3:rc1:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:rc1:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.1:p1:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
high
91739OracleVM 3.2 : bind (OVMSA-2016-0055)NessusOracleVM Local Security Checks
high
89039VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)NessusMisc.
high
80596Oracle Solaris Third-Party Patch Update : bind (cve_2012_3817_denial_of)NessusSolaris Local Security Checks
high
78146F5 Networks BIG-IP : BIND vulnerability (SOL14316)NessusF5 Networks Local Security Checks
high
74953openSUSE Security Update : bind (openSUSE-SU-2013:0605-1)NessusSuSE Local Security Checks
high
74703openSUSE Security Update : bind (openSUSE-SU-2012:0969-1)NessusSuSE Local Security Checks
high
74702openSUSE Security Update : bind (openSUSE-SU-2012:0971-1)NessusSuSE Local Security Checks
high
8008Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004)Nessus Network MonitorWeb Clients
critical
69878Mac OS X Multiple Vulnerabilities (Security Update 2013-004)NessusMacOS X Local Security Checks
critical
69877Mac OS X 10.8.x < 10.8.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
69603Amazon Linux AMI : bind (ALAS-2012-113)NessusAmazon Linux Local Security Checks
high
68587Oracle Linux 5 / 6 : bind (ELSA-2012-1123)NessusOracle Linux Local Security Checks
high
68586Oracle Linux 5 : bind97 (ELSA-2012-1122)NessusOracle Linux Local Security Checks
high
67091CentOS 5 / 6 : bind (CESA-2012:1123)NessusCentOS Local Security Checks
high
67090CentOS 5 : bind97 (CESA-2012:1122)NessusCentOS Local Security Checks
high
66516Juniper Junos DNSSEC Validation DoS (PSN-2013-04-918)NessusJunos Local Security Checks
high
6807ISC BIND 9 Multiple DoSNessus Network MonitorDNS Servers
high
64113SuSE 11.1 / 11.2 Security Update : bind (SAT Patch Numbers 6604 / 6605)NessusSuSE Local Security Checks
high
63167Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2012-341-01)NessusSlackware Local Security Checks
high
62944VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service ConsoleNessusVMware ESX Local Security Checks
high
62237GLSA-201209-04 : BIND: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
61969Mandriva Linux Security Advisory : bind (MDVSA-2012:119)NessusMandriva Local Security Checks
high
61728SuSE 10 Security Update : bind (ZYPP Patch Number 8237)NessusSuSE Local Security Checks
high
61468Fedora 16 : bind-9.8.3-3.P2.fc16 (2012-11153)NessusFedora Local Security Checks
high
61467Fedora 17 : bind-9.9.1-5.P2.fc17 (2012-11146)NessusFedora Local Security Checks
high
61443FreeBSD : FreeBSD -- named(8) DNSSEC validation Denial of Service (0f020b7b-e033-11e1-90a2-000c299b62e1)NessusFreeBSD Local Security Checks
high
60160RHEL 5 / 6 : bind (RHSA-2012:1123)NessusRed Hat Local Security Checks
high
60159RHEL 5 : bind97 (RHSA-2012:1122)NessusRed Hat Local Security Checks
high
60156Debian DSA-2517-1 : bind9 - denial of serviceNessusDebian Local Security Checks
high
60136Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : bind9 vulnerability (USN-1518-1)NessusUbuntu Local Security Checks
high
60120ISC BIND 9 Multiple Denial of Service VulnerabilitiesNessusDNS
high
60114FreeBSD : dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure (0bc67930-d5c3-11e1-bef6-0024e81297ae)NessusFreeBSD Local Security Checks
high