Vulnerability Description
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Bind | 9.0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html
- http://marc.info/?l=bugtraq&m=142180687100892&w=2
- http://osvdb.org/72540
- http://secunia.com/advisories/44677
- http://secunia.com/advisories/44719Vendor Advisory
- http://secunia.com/advisories/44741
- http://secunia.com/advisories/44744
- http://secunia.com/advisories/44758
- http://secunia.com/advisories/44762
- http://secunia.com/advisories/44783
- http://secunia.com/advisories/44929
- http://security.freebsd.org/advisories/FreeBSD-SA-11:02.bind.asc
FAQ
What is CVE-2011-1910?
CVE-2011-1910 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service ...
How severe is CVE-2011-1910?
CVE-2011-1910 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1910?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind.