CVE-2012-3868

medium

Description

Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004

https://kb.isc.org/article/AA-00730

Details

Source: MITRE

Published: 2012-07-25

Updated: 2013-11-25

Type: CWE-362

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74953 | openSUSE Security Update : bind (openSUSE-SU-2013:0605-1) | Nessus | SuSE Local Security Checks | high |
| 6807 | ISC BIND 9 Multiple DoS | Nessus Network Monitor | DNS Servers | high |
| 63167 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2012-341-01) | Nessus | Slackware Local Security Checks | high |
| 62237 | GLSA-201209-04 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 61467 | Fedora 17 : bind-9.9.1-5.P2.fc17 (2012-11146) | Nessus | Fedora Local Security Checks | high |
| 60120 | ISC BIND 9 Multiple Denial of Service Vulnerabilities | Nessus | DNS | high |