CVE-2011-4313

Published: 29/11/2011 Updated: 06/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

query.c in ISC BIND 9.0.x up to and including 9.6.x, 9.4-ESV up to and including 9.4-ESV-R5, 9.6-ESV up to and including 9.6-ESV-R5, 9.7.0 up to and including 9.7.4, 9.8.0 up to and including 9.8.1, and 9.9.0a1 up to and including 9.9.0b1 allows remote malicious users to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.

Vulnerable Product

isc bind 9.9.0

isc bind 9.8.0

isc bind 9.7.4

isc bind 9.7.2

isc bind 9.7.0

isc bind 9.6.2

isc bind 9.6.0

isc bind 9.5.2

isc bind 9.5.1

isc bind 9.5.0

isc bind 9.4.3

isc bind 9.4.0

isc bind 9.3.4

isc bind 9.3.3

isc bind 9.3.1

isc bind 9.3.0

isc bind 9.3

isc bind 9.2.7

isc bind 9.2.6

isc bind 9.2.4

isc bind 9.2.3

isc bind 9.2.1

isc bind 9.2.0

isc bind 9.1.3

isc bind 9.1.1

isc bind 9.0.1

isc bind 9.0

isc bind 9.8.1

isc bind 9.7.3

isc bind 9.7.1

isc bind 9.6.3

isc bind 9.6.1

isc bind 9.5

isc bind 9.4.2

isc bind 9.4

isc bind 9.3.6

isc bind 9.2.9

isc bind 9.2.5

isc bind 9.2.2

isc bind 9.0.0

isc bind 9.5.3

isc bind 9.3.5

isc bind 9.3.2

isc bind 9.1.0

isc bind 9.1

isc bind 9.4.1

isc bind 9.2.8

isc bind 9.1.2

isc bind 9.6

Vendor Advisories

Debian Bug report logs - #649099 BIND 9 Resolver crashes after logging an error in query.c Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: sacrificial-spam-address@horizon.com Date: Thu, 17 Nov 2011 16:09:10 UTC Severit ...
Bind could be made to crash if it received specially crafted network traffic ...
Synopsis: Important: bind97 security update. Type/Severity: Security Advisory: Important. Topic: Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scor ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerabilit ...
It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue. For the oldstable distribution (lenny), this problem has been fixed in version 1:9.6.ESV.R4+dfsg-0+lenny4. For the stable distributio ...
A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion ...

References

NVD-CWE-noinfo
http://secunia.com/advisories/46829
http://secunia.com/advisories/46906
http://www.ubuntu.com/usn/USN-1264-1
http://secunia.com/advisories/47043
http://www.redhat.com/support/errata/RHSA-2011-1459.html
http://www.debian.org/security/2011/dsa-2347
http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of
http://www.kb.cert.org/vuls/id/606539
http://secunia.com/advisories/46943
http://secunia.com/advisories/46984
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00029.html
http://www-01.ibm.com/support/docview.wss?uid=isg1IV11106
http://secunia.com/advisories/46887
http://www.ibm.com/support/docview.wss?uid=isg1IV11248
http://www.mandriva.com/security/advisories?name=MDVSA-2011:176
http://secunia.com/advisories/46890
http://secunia.com/advisories/46536
http://www.isc.org/software/bind/advisories/cve-2011-4313
http://www.securityfocus.com/bid/50690
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html
http://www.redhat.com/support/errata/RHSA-2011-1458.html
http://www.securitytracker.com/id?1026335
http://osvdb.org/77159
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00028.html
http://secunia.com/advisories/46905
http://secunia.com/advisories/47075
http://marc.info/?l=bugtraq&m=132310123002302&w=2
http://www.redhat.com/support/errata/RHSA-2011-1496.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://support.apple.com/kb/HT5501
http://security.freebsd.org/advisories/FreeBSD-SA-11:06.bind.asc
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://marc.info/?l=bugtraq&m=133978480208466&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/71332
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14343
http://secunia.com/advisories/48308
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649099
https://usn.ubuntu.com/1264-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/606539