Main Vulnerability Database SB2012103110

SB2012103110 - Input validation error in bind (Alpine package)

Published: October 31, 2012

Security Bulletin ID SB2012103110

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2012-4244)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=0d16ff610696676989317fefbc332d545bdb96c4
https://git.alpinelinux.org/aports/commit/?id=6f86d089d29862446e09ec4e27c1ed75f09273fc
https://git.alpinelinux.org/aports/commit/?id=429d3193c2304f4e5355fee38bb8bf5b260a7a1e