Main Vulnerability Database SB2011112302

SB2011112302 - SUSE Linux update for bind

Published: November 23, 2011

Security Bulletin ID SB2011112302

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2011-4313)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2011-11/msg00031.html