Published: 05/10/2010 Updated: 10/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

ISC BIND prior to 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote malicious users to cause a denial of service (daemon crash) via a DNS query.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind

An attacker could send crafted input to Bind and cause it to crash ...

Debian Bug report logs - #599515 bind9: CVE-2010-3762 Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 8 Oct 2010 10:33:01 UTC Severity: grave Tags: securi ...

Several remote vulnerabilities have been discovered in BIND, an implementation of the DNS protocol suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3762 When DNSSEC validation is enabled, BIND does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, whi ...

CWE-20 http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html http://www.redhat.com/support/errata/RHSA-2010-0976.html http://www.debian.org/security/2010/dsa-2130 http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 http://support.avaya.com/css/P8/documents/100124923 http://www.securityfocus.com/bid/45385 http://www.vmware.com/security/advisories/VMSA-2011-0004.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://www.vupen.com/english/advisories/2011/0606 http://www.securityfocus.com/archive/1/516909/100/0/threaded https://usn.ubuntu.com/1139-1/https://nvd.nist.gov

CVE-2010-3762

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect