Vulnerability Description
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Bind | 9.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.h
- http://lists.vmware.com/pipermail/security-announce/2011/000126.html
- http://secunia.com/advisories/42435Vendor Advisory
- http://secunia.com/advisories/42459Vendor Advisory
- http://secunia.com/advisories/42522Vendor Advisory
- http://secunia.com/advisories/42671
- http://securitytracker.com/id?1024817
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware
- http://support.apple.com/kb/HT5002
- http://support.avaya.com/css/P8/documents/100124923
- http://www.debian.org/security/2010/dsa-2130
- http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisor
- http://www.isc.org/software/bind/advisories/cve-2010-3614Vendor Advisory
FAQ
What is CVE-2010-3614?
CVE-2010-3614 is a vulnerability with a CVSS score of 6.4 (MEDIUM). named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY al...
How severe is CVE-2010-3614?
CVE-2010-3614 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3614?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind.