VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
JVNDB-2010-002543     ( CVE-2010-3613 | CVE-2010-3613 )
ISC BIND におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002543.html

Original

Internet Systems Consortium (ISC) が提供する BIND ネームサーバには、サービス運用妨害 (DoS) 攻撃の脆弱性が存在します。 ISC から、以下の脆弱性情報が公開されています。 Adding certain types of signed negative responses to cache doesn't clear any matching RRSIG records already in cache. A subsequent lookup of the cached data can cause named to crash (INSIST).

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
JVN iPedia
First Published:
2010-12-24
Source Information Category:
Advisory, Alert
Last Updated:
2010-12-24




Affected Product Tags
cpe:/a:isc:bind
cpe:/o:misc:miraclelinux_asianux_server:3::x86
cpe:/o:misc:miraclelinux_asianux_server:3::x86-64
cpe:/o:redhat:enterprise_linux:4.8::as
cpe:/o:redhat:enterprise_linux:4.8::es
cpe:/o:redhat:enterprise_linux:4::as
cpe:/o:redhat:enterprise_linux:4::es
cpe:/o:redhat:enterprise_linux:4::ws
cpe:/o:redhat:enterprise_linux:5::server
cpe:/o:redhat:enterprise_linux_desktop:4.0
cpe:/o:redhat:enterprise_linux_desktop:5.0::client
cpe:/o:redhat:enterprise_linux_desktop:6
cpe:/o:redhat:enterprise_linux_hpc_node:6
cpe:/o:redhat:enterprise_linux_server:6
cpe:/o:redhat:enterprise_linux_workstation:6
cpe:/o:redhat:rhel_desktop_workstation:5::client
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
X Single [?]
None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
Alternatives
Common Vulnerabilities and Exposures (CVE) CVE-2010-3613




National Vulnerability Database (NVD) CVE-2010-3613








References
Asianux Technical Support Network bind-9.3.6-4.P1.3.0.1.AXS3




ISC BIND cve-2010-3613




ISC BIND BIND-9.7.2-P3 Release Note




ISC BIND BIND-9.6.2-P3 Release Note




ISC BIND BIND-9.6-ESV-R3 Release Note




Internet Systems Consortium Security Advisory Guidance regarding Dec 1st 2010 Security Advisories (CVE-2010-3613)




JVN JVNVU#706148




OPEN SOURCE VULNERABILITY DATABASE (OSVDB) 69558




Red Hat Security Advisory RHSA-2010:0975




Red Hat Security Advisory RHSA-2010:0976




Red Hat Security Advisory RHSA-2010:1000




Secunia Advisory SA42374




SecurityFocus 45133




SecurityTracker 1024817




US-CERT Vulnerability Note VU#706148




VUPEN Security VUPEN/ADV-2010-3102




共通脆弱性タイプ一覧 (CWE) 認可・権限・アクセス制御 (CWE-264)




Copyright © 2010 JPCERT/CC All Rights Reserved.