Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2012-5688

Published: 06/12/2012 Updated: 06/12/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Isc

Vulnerability Summary

ISC BIND 9.8.x prior to 9.8.4-P1 and 9.9.x prior to 9.9.2-P1, when DNS64 is enabled, allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via a crafted query.

Vulnerable Product Search on Vulmon Subscribe to Product

isc bind 9.8.0

isc bind 9.8.1

isc bind 9.8.2

isc bind 9.8.3

isc bind 9.9.0

isc bind 9.9.1

canonical ubuntu linux 12.10

canonical ubuntu linux 12.04

Vendor Advisories

Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic Updated bind packages that fix one security issue are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerability Scor ...
Debian CVElist Bug Report Logs: bind9: CVE-2012-5688
Debian Bug report logs - #695192 bind9: CVE-2012-5688 Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Wed, 5 Dec 2012 08:36:02 UTC Severity: grave Tags: security Found i ...
Ubuntu Security Notice: bind9 vulnerability
Bind could be made to crash if it received specially crafted network traffic ...
Amazon Linux AMI: ALAS-2012-146
A flaw was found in the DNS64 implementation in BIND If a remote attacker sent a specially-crafted query to a named server, named could exit unexpectedly with an assertion failure Note that DNS64 support is not enabled by default (CVE-2012-5688) ...

Github Repositories

https://github.com/Reverier-Xu/bind-EDNS-SUBNET-patched

patched dig-9.9.3 that supports edns-subnet

Bind 910 版本官方已经merge了EDNS CLIENT SUBNET功能, 此仓库请勿使用!! Bind-993 --Reverier-patched 本仓库包含已经编译好的打过补丁的bind-993 Usage 在本仓库目录下, 执行 /bin/dig/dig @<DNS Server> <Target Server Domain> +client=<Querier IP address> 即可

https://github.com/Reverier-Xu/bind-EDNS-client-subnet-patched

patched dig-9.9.3 that supports edns-subnet

Bind 910 版本官方已经merge了EDNS CLIENT SUBNET功能, 此仓库请勿使用!! Bind-993 --Reverier-patched 本仓库包含已经编译好的打过补丁的bind-993 Usage 在本仓库目录下, 执行 /bin/dig/dig @<DNS Server> <Target Server Domain> +client=<Querier IP address> 即可

References

CWE-20https://kb.isc.org/article/AA-00828http://rhn.redhat.com/errata/RHSA-2012-1549.htmlhttp://www.ubuntu.com/usn/USN-1657-1http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlhttp://support.apple.com/kb/HT5880http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004https://access.redhat.com/errata/RHSA-2012:1549https://usn.ubuntu.com/1657-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook