FKIE_CVE-2011-0414

Vulnerability from fkie_nvd - Published: 2011-02-23 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
References
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
cret@cert.orghttp://secunia.com/advisories/43439
cret@cert.orghttp://secunia.com/advisories/43443Vendor Advisory
cret@cert.orghttp://www.debian.org/security/2011/dsa-2208
cret@cert.orghttp://www.isc.org/software/bind/advisories/cve-2011-0414Vendor Advisory
cret@cert.orghttp://www.kb.cert.org/vuls/id/449980US Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/559980US Government Resource
cret@cert.orghttp://www.securitytracker.com/id?1025110
cret@cert.orghttp://www.ubuntu.com/usn/USN-1070-1
cret@cert.orghttp://www.vupen.com/english/advisories/2011/0466Vendor Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2011/0489Vendor Advisory
cret@cert.orghttps://bugzilla.redhat.com/show_bug.cgi?id=679496
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43439
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43443Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2208
af854a3a-2127-422b-91ae-364da2661108http://www.isc.org/software/bind/advisories/cve-2011-0414Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/449980US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/559980US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025110
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1070-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0466Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0489Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=679496
Impacted products
Vendor Product Version
isc bind 9.7.1
isc bind 9.7.1
isc bind 9.7.1
isc bind 9.7.1
isc bind 9.7.2
isc bind 9.7.2
isc bind 9.7.2
isc bind 9.7.2
isc bind 9.7.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC642B5-ACA4-4764-A9F2-3C87D5D8E9E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "A16CE093-38E0-4274-AD53-B807DE72AF91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:*",
              "matchCriteriaId": "2FB97DEB-A0A4-458C-A94B-46B7264AB0F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BFDF6597-7131-4080-BCFC-46032138646C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "881B8C5B-8A66-45AC-85E6-758B8A8153BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E2D144E-6A15-4B45-8B15-15B60FB33D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B5690EC8-66C9-4316-BEAB-C218843F7FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "FBF13572-C341-4FB1-BAFD-AF8F0C5EF510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B1D9F9C-54C2-485F-9B66-4AEA0573BC2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update."
    },
    {
      "lang": "es",
      "value": "En ISC BIND versi\u00f3n 9.7.1 hasta 9.7.2-P3, cuando est\u00e1 configurado como un servidor autorizado, permite a los atacantes remotos generar una denegaci\u00f3n de servicio (punto muerto y suspensi\u00f3n de demonio) al enviar una consulta en el momento de (1) una transferencia IXFR o ( 2) una actualizaci\u00f3n de DDNS."
    }
  ],
  "id": "CVE-2011-0414",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-23T19:00:01.907",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/43439"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43443"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.debian.org/security/2011/dsa-2208"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.isc.org/software/bind/advisories/cve-2011-0414"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/449980"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/559980"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1025110"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.ubuntu.com/usn/USN-1070-1"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0466"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0489"
    },
    {
      "source": "cret@cert.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.isc.org/software/bind/advisories/cve-2011-0414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/449980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/559980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1070-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679496"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.