CVE-2014-0591

low

Description

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.

References

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

http://linux.oracle.com/errata/ELSA-2014-1244

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126761.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126772.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html

http://lists.opensuse.org/opensuse-updates/2014-02/msg00016.html

http://lists.opensuse.org/opensuse-updates/2014-02/msg00019.html

http://marc.info/?l=bugtraq&m=138995561732658&w=2

http://osvdb.org/101973

http://rhn.redhat.com/errata/RHSA-2014-0043.html

http://secunia.com/advisories/56425

http://secunia.com/advisories/56427

http://secunia.com/advisories/56442

http://secunia.com/advisories/56493

http://secunia.com/advisories/56522

http://secunia.com/advisories/56574

http://secunia.com/advisories/56871

http://secunia.com/advisories/61117

http://secunia.com/advisories/61199

http://secunia.com/advisories/61343

http://www.debian.org/security/2014/dsa-3023

http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc

http://www.mandriva.com/security/advisories?name=MDVSA-2014:002

http://www.securityfocus.com/bid/64801

http://www.securitytracker.com/id/1029589

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.518391

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.524465

http://www.ubuntu.com/usn/USN-2081-1

https://bugzilla.redhat.com/show_bug.cgi?id=1051717

https://kb.isc.org/article/AA-01078

https://kb.isc.org/article/AA-01085

https://support.apple.com/kb/HT6536

Details

Source: MITRE

Published: 2014-01-14

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.4:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.6:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.7.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.2:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.3:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.5:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.8.6:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.4:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.4:rc2:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147379 | NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Multiple Vulnerabilities (NS-SA-2021-0017) | Nessus | NewStart CGSL Local Security Checks | critical |
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | high |
| 124936 | EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433) | Nessus | Huawei Local Security Checks | medium |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | high |
| 82195 | Debian DLA-48-1 : bind9 security update | Nessus | Debian Local Security Checks | low |
| 80247 | OracleVM 3.3 : bind (OVMSA-2014-0084) | Nessus | OracleVM Local Security Checks | high |
| 78601 | Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE) | Nessus | MacOS X Local Security Checks | high |
| 78416 | Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20140916) | Nessus | Scientific Linux Local Security Checks | low |
| 77991 | CentOS 5 : bind97 (CESA-2014:1244) | Nessus | CentOS Local Security Checks | low |
| 77737 | Oracle Linux 5 : bind97 (ELSA-2014-1244) | Nessus | Oracle Linux Local Security Checks | low |
| 77697 | RHEL 5 : bind97 (RHSA-2014:1244) | Nessus | Red Hat Local Security Checks | low |
| 77637 | Debian DSA-3023-1 : bind9 - security update | Nessus | Debian Local Security Checks | low |
| 76204 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2014-175-01) | Nessus | Slackware Local Security Checks | medium |
| 75248 | openSUSE Security Update : bind (openSUSE-SU-2014:0199-1) | Nessus | SuSE Local Security Checks | low |
| 72305 | Amazon Linux AMI : bind (ALAS-2014-287) | Nessus | Amazon Linux Local Security Checks | low |
| 72241 | SuSE 11.2 / 11.3 Security Update : bind (SAT Patch Numbers 8834 / 8835) | Nessus | SuSE Local Security Checks | low |
| 72208 | GLSA-201401-34 : BIND: Denial of Service | Nessus | Gentoo Local Security Checks | high |
| 72187 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2014-028-01) | Nessus | Slackware Local Security Checks | low |
| 72084 | Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20140120) | Nessus | Scientific Linux Local Security Checks | low |
| 72059 | RHEL 6 : bind (RHSA-2014:0043) | Nessus | Red Hat Local Security Checks | low |
| 72057 | Oracle Linux 6 : bind (ELSA-2014-0043) | Nessus | Oracle Linux Local Security Checks | low |
| 72044 | CentOS 6 : bind (CESA-2014:0043) | Nessus | CentOS Local Security Checks | low |
| 72018 | Mandriva Linux Security Advisory : bind (MDVSA-2014:002) | Nessus | Mandriva Local Security Checks | low |
| 72015 | Fedora 19 : bind-9.9.3-14.P2.fc19 (2014-0858) | Nessus | Fedora Local Security Checks | low |
| 72014 | Fedora 20 : bind-9.9.4-11.P2.fc20 (2014-0811) | Nessus | Fedora Local Security Checks | low |
| 71940 | ISC BIND 9 NSEC3-Signed Zone Handling DoS | Nessus | DNS | low |
| 71939 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : bind9 vulnerability (USN-2081-1) | Nessus | Ubuntu Local Security Checks | low |
| 71935 | FreeBSD : bind -- denial of service vulnerability (cb252f01-7c43-11e3-b0a6-005056a37f68) | Nessus | FreeBSD Local Security Checks | low |
| 25542 | Solaris 10 (x86) : 119784-40 (deprecated) | Nessus | Solaris Local Security Checks | medium |
| 25541 | Solaris 10 (sparc) : 119783-40 (deprecated) | Nessus | Solaris Local Security Checks | medium |