Main Vulnerability Database SB2011090105

SB2011090105 - Input validation error in bind (Alpine package)

Published: September 1, 2011

Security Bulletin ID SB2011090105

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2011-1910)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=8ad6b2df1f338baa4506e898f6ff74c5741dbfc5
https://git.alpinelinux.org/aports/commit/?id=f61c11fdfa57a06c4775c87326125f59b6992aaa