CVE-2012-3817high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
References
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.opensuse.org/opensuse-updates/2012-08/msg00013.html
http://lists.opensuse.org/opensuse-updates/2012-08/msg00015.html
http://rhn.redhat.com/errata/RHSA-2012-1122.html
http://rhn.redhat.com/errata/RHSA-2012-1123.html
http://secunia.com/advisories/51096
http://support.apple.com/kb/HT5880
http://www.debian.org/security/2012/dsa-2517
http://www.securitytracker.com/id?1027296
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.1:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.2:rc1:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6.2:rc1:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*
Configuration 5
OR
cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*
Configuration 6
OR
cpe:2.3:a:isc:bind:9.9.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:a3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:b2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:rc4:*:*:*:*:*:*
Configuration 7
OR
cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | high |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | high |
| 91739 | OracleVM 3.2 : bind (OVMSA-2016-0055) | Nessus | OracleVM Local Security Checks | high |
| 89039 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check) | Nessus | Misc. | high |
| 80596 | Oracle Solaris Third-Party Patch Update : bind (cve_2012_3817_denial_of) | Nessus | Solaris Local Security Checks | high |
| 78146 | F5 Networks BIG-IP : BIND vulnerability (SOL14316) | Nessus | F5 Networks Local Security Checks | high |
| 74953 | openSUSE Security Update : bind (openSUSE-SU-2013:0605-1) | Nessus | SuSE Local Security Checks | high |
| 74703 | openSUSE Security Update : bind (openSUSE-SU-2012:0969-1) | Nessus | SuSE Local Security Checks | high |
| 74702 | openSUSE Security Update : bind (openSUSE-SU-2012:0971-1) | Nessus | SuSE Local Security Checks | high |
| 8008 | Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004) | Nessus Network Monitor | Web Clients | critical |
| 69878 | Mac OS X Multiple Vulnerabilities (Security Update 2013-004) | Nessus | MacOS X Local Security Checks | critical |
| 69877 | Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 69603 | Amazon Linux AMI : bind (ALAS-2012-113) | Nessus | Amazon Linux Local Security Checks | high |
| 68587 | Oracle Linux 5 / 6 : bind (ELSA-2012-1123) | Nessus | Oracle Linux Local Security Checks | high |
| 68586 | Oracle Linux 5 : bind97 (ELSA-2012-1122) | Nessus | Oracle Linux Local Security Checks | high |
| 67091 | CentOS 5 / 6 : bind (CESA-2012:1123) | Nessus | CentOS Local Security Checks | high |
| 67090 | CentOS 5 : bind97 (CESA-2012:1122) | Nessus | CentOS Local Security Checks | high |
| 66516 | Juniper Junos DNSSEC Validation DoS (PSN-2013-04-918) | Nessus | Junos Local Security Checks | high |
| 6807 | ISC BIND 9 Multiple DoS | Nessus Network Monitor | DNS Servers | high |
| 64113 | SuSE 11.1 / 11.2 Security Update : bind (SAT Patch Numbers 6604 / 6605) | Nessus | SuSE Local Security Checks | high |
| 63167 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2012-341-01) | Nessus | Slackware Local Security Checks | high |
| 62944 | VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console | Nessus | VMware ESX Local Security Checks | high |
| 62237 | GLSA-201209-04 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 61969 | Mandriva Linux Security Advisory : bind (MDVSA-2012:119) | Nessus | Mandriva Local Security Checks | high |
| 61728 | SuSE 10 Security Update : bind (ZYPP Patch Number 8237) | Nessus | SuSE Local Security Checks | high |
| 61468 | Fedora 16 : bind-9.8.3-3.P2.fc16 (2012-11153) | Nessus | Fedora Local Security Checks | high |
| 61467 | Fedora 17 : bind-9.9.1-5.P2.fc17 (2012-11146) | Nessus | Fedora Local Security Checks | high |
| 61443 | FreeBSD : FreeBSD -- named(8) DNSSEC validation Denial of Service (0f020b7b-e033-11e1-90a2-000c299b62e1) | Nessus | FreeBSD Local Security Checks | high |
| 60160 | RHEL 5 / 6 : bind (RHSA-2012:1123) | Nessus | Red Hat Local Security Checks | high |
| 60159 | RHEL 5 : bind97 (RHSA-2012:1122) | Nessus | Red Hat Local Security Checks | high |
| 60156 | Debian DSA-2517-1 : bind9 - denial of service | Nessus | Debian Local Security Checks | high |
| 60136 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : bind9 vulnerability (USN-1518-1) | Nessus | Ubuntu Local Security Checks | high |
| 60120 | ISC BIND 9 Multiple Denial of Service Vulnerabilities | Nessus | DNS | high |
| 60114 | FreeBSD : dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure (0bc67930-d5c3-11e1-bef6-0024e81297ae) | Nessus | FreeBSD Local Security Checks | high |