Vulnerability Description
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ISC | BIND | 9.6 |
References
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.h
- http://lists.vmware.com/pipermail/security-announce/2011/000126.html
- http://marc.info/?l=bugtraq&m=130270720601677&w=2
- http://secunia.com/advisories/42374 (Vendor Advisory)
- http://secunia.com/advisories/42459 (Vendor Advisory)
- http://secunia.com/advisories/42522 (Vendor Advisory)
- http://secunia.com/advisories/42671
- http://secunia.com/advisories/42707
- http://secunia.com/advisories/43141
- http://securitytracker.com/id?1024817
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware
- http://support.apple.com/kb/HT5002
FAQ
What is CVE-2010-3613?
CVE-2010-3613 is a vulnerability with a CVSS score of 4.0 (MEDIUM). named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in t...
How severe is CVE-2010-3613?
CVE-2010-3613 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3613?
Check the references section above for vendor advisories and patch information. Affected products include: ISC BIND.