cvelistv5 - cve-2011-2465

CVE-2011-2465 (GCVE-0-2011-2465)

Vulnerability from cvelistv5 – Published: 2011-07-08 20:00 – Updated: 2024-08-06 23:00

Summary

Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/45185	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/518750/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1025743	vdb-entryx_refsource_SECTRACK
	http://www.isc.org/software/bind/advisories/cve-2…	x_refsource_CONFIRM
	http://osvdb.org/73604	vdb-entryx_refsource_OSVDB
	http://www.kb.cert.org/vuls/id/137968	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/48565	vdb-entryx_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:33.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45185",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45185"
          },
          {
            "name": "20110705 Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
          },
          {
            "name": "1025743",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
          },
          {
            "name": "73604",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/73604"
          },
          {
            "name": "VU#137968",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/137968"
          },
          {
            "name": "48565",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48565"
          },
          {
            "name": "FEDORA-2011-9146",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
          },
          {
            "name": "SUSE-SA:2011:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
          },
          {
            "name": "iscbind-rpz-dos(68374)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "45185",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45185"
        },
        {
          "name": "20110705 Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
        },
        {
          "name": "1025743",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
        },
        {
          "name": "73604",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/73604"
        },
        {
          "name": "VU#137968",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/137968"
        },
        {
          "name": "48565",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48565"
        },
        {
          "name": "FEDORA-2011-9146",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
        },
        {
          "name": "SUSE-SA:2011:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
        },
        {
          "name": "iscbind-rpz-dos(68374)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2465",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45185",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45185"
            },
            {
              "name": "20110705 Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
            },
            {
              "name": "1025743",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025743"
            },
            {
              "name": "http://www.isc.org/software/bind/advisories/cve-2011-2465",
              "refsource": "CONFIRM",
              "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
            },
            {
              "name": "73604",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/73604"
            },
            {
              "name": "VU#137968",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/137968"
            },
            {
              "name": "48565",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48565"
            },
            {
              "name": "FEDORA-2011-9146",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
            },
            {
              "name": "SUSE-SA:2011:029",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
            },
            {
              "name": "iscbind-rpz-dos(68374)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2465",
    "datePublished": "2011-07-08T20:00:00",
    "dateReserved": "2011-06-06T00:00:00",
    "dateUpdated": "2024-08-06T23:00:33.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EBDD71E-6F17-4EB6-899F-E27A93CDFDF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"25855A5C-302F-4A82-AEC1-8C4C9CB70362\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"03E68ACA-0288-4EE5-9250-54711B2E6670\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCC604FD-A834-4BA7-B1E2-1FCB6A583204\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en ISC BIND 9 v9.8.0, v9.8.0-P1, v9.8.0-P2, y v9.8.1b1, cuando la reclusi\\u00f3n est\\u00e1 habilitada y la Response Policy Zone (RPZ) contiene DNAME o algun registro CNAME, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (ca\\u00edda del demonio) a trav\\u00e9s de una consulta no especificada\"}]",
      "id": "CVE-2011-2465",
      "lastModified": "2024-11-21T01:28:20.380",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-07-08T20:55:00.930",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/73604\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/45185\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.isc.org/software/bind/advisories/cve-2011-2465\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/137968\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/518750/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/48565\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1025743\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/68374\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/73604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/45185\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.isc.org/software/bind/advisories/cve-2011-2465\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/137968\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/518750/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/48565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/68374\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2465\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-07-08T20:55:00.930\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en ISC BIND 9 v9.8.0, v9.8.0-P1, v9.8.0-P2, y v9.8.1b1, cuando la reclusi\u00f3n est\u00e1 habilitada y la Response Policy Zone (RPZ) contiene DNAME o algun registro CNAME, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una consulta no especificada\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EBDD71E-6F17-4EB6-899F-E27A93CDFDF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"25855A5C-302F-4A82-AEC1-8C4C9CB70362\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E68ACA-0288-4EE5-9250-54711B2E6670\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC604FD-A834-4BA7-B1E2-1FCB6A583204\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/73604\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/45185\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.isc.org/software/bind/advisories/cve-2011-2465\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/137968\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/518750/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/48565\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1025743\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/68374\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/73604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/45185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.isc.org/software/bind/advisories/cve-2011-2465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/137968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/518750/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/48565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/68374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-MQ9V-93WJ-M5JW

Vulnerability from github – Published: 2022-05-14 02:55 – Updated: 2022-05-14 02:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2465"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-07-08T20:55:00Z",
    "severity": "LOW"
  },
  "details": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.",
  "id": "GHSA-mq9v-93wj-m5jw",
  "modified": "2022-05-14T02:55:16Z",
  "published": "2022-05-14T02:55:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2465"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/73604"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45185"
    },
    {
      "type": "WEB",
      "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/137968"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/48565"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1025743"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-2465

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2465

Aliases

CVE-2011-2465

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2465",
    "description": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.",
    "id": "GSD-2011-2465",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-2465.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2465"
      ],
      "details": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.",
      "id": "GSD-2011-2465",
      "modified": "2023-12-13T01:19:07.277119Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-2465",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "45185",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45185"
          },
          {
            "name": "20110705 Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
          },
          {
            "name": "1025743",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1025743"
          },
          {
            "name": "http://www.isc.org/software/bind/advisories/cve-2011-2465",
            "refsource": "CONFIRM",
            "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
          },
          {
            "name": "73604",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/73604"
          },
          {
            "name": "VU#137968",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/137968"
          },
          {
            "name": "48565",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/48565"
          },
          {
            "name": "FEDORA-2011-9146",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
          },
          {
            "name": "SUSE-SA:2011:029",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
          },
          {
            "name": "iscbind-rpz-dos(68374)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2465"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45185",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/45185"
            },
            {
              "name": "48565",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/48565"
            },
            {
              "name": "1025743",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1025743"
            },
            {
              "name": "VU#137968",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/137968"
            },
            {
              "name": "http://www.isc.org/software/bind/advisories/cve-2011-2465",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
            },
            {
              "name": "SUSE-SA:2011:029",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
            },
            {
              "name": "FEDORA-2011-9146",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
            },
            {
              "name": "73604",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/73604"
            },
            {
              "name": "iscbind-rpz-dos(68374)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
            },
            {
              "name": "20110705 Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:32Z",
      "publishedDate": "2011-07-08T20:55Z"
    }
  }
}

FKIE_CVE-2011-2465

Vulnerability from fkie_nvd - Published: 2011-07-08 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html
cve@mitre.org	http://osvdb.org/73604
cve@mitre.org	http://secunia.com/advisories/45185	Vendor Advisory
cve@mitre.org	http://www.isc.org/software/bind/advisories/cve-2011-2465	Patch, Vendor Advisory
cve@mitre.org	http://www.kb.cert.org/vuls/id/137968	US Government Resource
cve@mitre.org	http://www.securityfocus.com/archive/1/518750/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/48565
cve@mitre.org	http://www.securitytracker.com/id?1025743
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/68374
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/73604
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45185	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.isc.org/software/bind/advisories/cve-2011-2465	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/137968	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518750/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/48565
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1025743
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/68374

Impacted products

Vendor	Product	Version
isc	bind	9.8.0
isc	bind	9.8.0
isc	bind	9.8.0
isc	bind	9.8.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EBDD71E-6F17-4EB6-899F-E27A93CDFDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "25855A5C-302F-4A82-AEC1-8C4C9CB70362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.8.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "03E68ACA-0288-4EE5-9250-54711B2E6670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.8.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "FCC604FD-A834-4BA7-B1E2-1FCB6A583204",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en ISC BIND 9 v9.8.0, v9.8.0-P1, v9.8.0-P2, y v9.8.1b1, cuando la reclusi\u00f3n est\u00e1 habilitada y la Response Policy Zone (RPZ) contiene DNAME o algun registro CNAME, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una consulta no especificada"
    }
  ],
  "id": "CVE-2011-2465",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-08T20:55:00.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/73604"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45185"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/137968"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48565"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025743"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/73604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/137968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/518750/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68374"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-381

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités présentes dans Bind permettent à un utilisateur distant malintentionné de provoquer un déni de service.

Description

Deux vulnérabilités sont présentes dans le serveur DNS Bind :

la première, de nature non-précisée par l'éditeur, permet à un utilisateur distant de provoquer un arrêt inopiné du service named par le biais d'un paquet construit de façon particulière.
la seconde concerne la mise en œuvre des Response Policy Zone (RPZ) et permet, sous certaines conditions, à un utilisateur distant de provoquer un déni de service.

Solution

Se référer aux bulletins de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	ISC	BIND	les versions 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3 et 9.8.1b1 sont affectées par la vulnérabilité CVE-2011-2464 ;
	ISC	BIND	les versions 9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1 sont affectées par la vulnérabilité CVE-2011-2465.

References

Title

Publication Time

Tags

Bulletins de sécurité ISC Bind du 05 juillet 2011	None	vendor-advisory
Bulletin de sécurité Debian DSA 2272 du 05 juillet 2011 :	-	other
Bulletin de sécurité HP du 20 janvier 2012 :	-	other
Bulletin de sécurité Ubuntu USN-1163-1 du 05 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3 et 9.8.1b1 sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2011-2464 ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "les versions 9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1 sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2011-2465.",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le serveur DNS Bind :\n\n-   la premi\u00e8re, de nature non-pr\u00e9cis\u00e9e par l\u0027\u00e9diteur, permet \u00e0 un\n    utilisateur distant de provoquer un arr\u00eat inopin\u00e9 du service named\n    par le biais d\u0027un paquet construit de fa\u00e7on particuli\u00e8re.\n-   la seconde concerne la mise en \u0153uvre des Response Policy Zone (RPZ)\n    et permet, sous certaines conditions, \u00e0 un utilisateur distant de\n    provoquer un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2464"
    },
    {
      "name": "CVE-2011-2465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2465"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2272 du 05 juillet 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2272"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP du 20 janvier 2012\u00a0:",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03070783"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1163-1 du 05 juillet 2011 :",
      "url": "http://www.ubuntulinux.org/usn/usn-1163-1"
    }
  ],
  "reference": "CERTA-2011-AVI-381",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-06T00:00:00.000000"
    },
    {
      "description": "ajout du belletin de s\u00e9curit\u00e9 HP.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Bind permettent \u00e0 un utilisateur\ndistant malintentionn\u00e9 de provoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 ISC Bind du 05 juillet 2011",
      "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
    }
  ]
}

CERTA-2011-AVI-381

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités présentes dans Bind permettent à un utilisateur distant malintentionné de provoquer un déni de service.

Description

Deux vulnérabilités sont présentes dans le serveur DNS Bind :

la première, de nature non-précisée par l'éditeur, permet à un utilisateur distant de provoquer un arrêt inopiné du service named par le biais d'un paquet construit de façon particulière.
la seconde concerne la mise en œuvre des Response Policy Zone (RPZ) et permet, sous certaines conditions, à un utilisateur distant de provoquer un déni de service.

Solution

Se référer aux bulletins de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	ISC	BIND	les versions 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3 et 9.8.1b1 sont affectées par la vulnérabilité CVE-2011-2464 ;
	ISC	BIND	les versions 9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1 sont affectées par la vulnérabilité CVE-2011-2465.

References

Title

Publication Time

Tags

Bulletins de sécurité ISC Bind du 05 juillet 2011	None	vendor-advisory
Bulletin de sécurité Debian DSA 2272 du 05 juillet 2011 :	-	other
Bulletin de sécurité HP du 20 janvier 2012 :	-	other
Bulletin de sécurité Ubuntu USN-1163-1 du 05 juillet 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "les versions 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0, 9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2, 9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2, 9.8.0-P3 et 9.8.1b1 sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2011-2464 ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "les versions 9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1 sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2011-2465.",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le serveur DNS Bind :\n\n-   la premi\u00e8re, de nature non-pr\u00e9cis\u00e9e par l\u0027\u00e9diteur, permet \u00e0 un\n    utilisateur distant de provoquer un arr\u00eat inopin\u00e9 du service named\n    par le biais d\u0027un paquet construit de fa\u00e7on particuli\u00e8re.\n-   la seconde concerne la mise en \u0153uvre des Response Policy Zone (RPZ)\n    et permet, sous certaines conditions, \u00e0 un utilisateur distant de\n    provoquer un d\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2464"
    },
    {
      "name": "CVE-2011-2465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2465"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2272 du 05 juillet 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2272"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP du 20 janvier 2012\u00a0:",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03070783"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1163-1 du 05 juillet 2011 :",
      "url": "http://www.ubuntulinux.org/usn/usn-1163-1"
    }
  ],
  "reference": "CERTA-2011-AVI-381",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-07-06T00:00:00.000000"
    },
    {
      "description": "ajout du belletin de s\u00e9curit\u00e9 HP.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Bind permettent \u00e0 un utilisateur\ndistant malintentionn\u00e9 de provoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 ISC Bind du 05 juillet 2011",
      "url": "http://www.isc.org/software/bind/advisories/cve-2011-2465"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2465 (GCVE-0-2011-2465)

GHSA-MQ9V-93WJ-M5JW

GSD-2011-2465

FKIE_CVE-2011-2465

CERTA-2011-AVI-381

Description

Solution

CERTA-2011-AVI-381

Description

Solution

Tags

Sightings

Nomenclature