Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-3613

named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.

Published

2010-12-06T13:44:54.033

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6.2	Yes
Application	isc	bind	9.6.2	Yes
Application	isc	bind	9.6.2	Yes
Application	isc	bind	9.6.2	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.0	Yes
Application	isc	bind	9.7.1	Yes
Application	isc	bind	9.7.1	Yes
Application	isc	bind	9.7.1	Yes
Application	isc	bind	9.7.1	Yes
Application	isc	bind	9.7.1	Yes
Application	isc	bind	9.7.2	Yes
Application	isc	bind	9.7.2	Yes
Application	isc	bind	9.7.2	Yes

References

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc ([email protected])
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html ([email protected])
http://lists.vmware.com/pipermail/security-announce/2011/000126.html ([email protected])
http://marc.info/?l=bugtraq&m=130270720601677&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=130270720601677&w=2 ([email protected])
http://secunia.com/advisories/42374 Vendor Advisory ([email protected])
http://secunia.com/advisories/42459 Vendor Advisory ([email protected])
http://secunia.com/advisories/42522 Vendor Advisory ([email protected])
http://secunia.com/advisories/42671 ([email protected])
http://secunia.com/advisories/42707 ([email protected])
http://secunia.com/advisories/43141 ([email protected])
http://securitytracker.com/id?1024817 ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190 ([email protected])
http://support.apple.com/kb/HT5002 ([email protected])
http://support.avaya.com/css/P8/documents/100124923 ([email protected])
http://www.debian.org/security/2010/dsa-2130 ([email protected])
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories ([email protected])
http://www.isc.org/software/bind/advisories/cve-2010-3613 Vendor Advisory ([email protected])
http://www.kb.cert.org/vuls/id/706148 US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 ([email protected])
http://www.osvdb.org/69558 ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0975.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0976.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-1000.html ([email protected])
http://www.securityfocus.com/archive/1/516909/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/45133 ([email protected])
http://www.ubuntu.com/usn/USN-1025-1 ([email protected])
http://www.vmware.com/security/advisories/VMSA-2011-0004.html ([email protected])
http://www.vupen.com/english/advisories/2010/3102 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/3103 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/3138 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/3139 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/3140 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0267 ([email protected])
http://www.vupen.com/english/advisories/2011/0606 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601 ([email protected])
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.vmware.com/pipermail/security-announce/2011/000126.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130270720601677&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130270720601677&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42374 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42459 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42522 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42671 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42707 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43141 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1024817 (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT5002 (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/css/P8/documents/100124923 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2130 (af854a3a-2127-422b-91ae-364da2661108)
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories (af854a3a-2127-422b-91ae-364da2661108)
http://www.isc.org/software/bind/advisories/cve-2010-3613 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/706148 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/69558 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0975.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0976.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-1000.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/516909/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45133 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1025-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2011-0004.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3102 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3103 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3138 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3139 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3140 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0267 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0606 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601 (af854a3a-2127-422b-91ae-364da2661108)