CVE-2012-5688

ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1549.html	Third Party Advisory
http://support.apple.com/kb/HT5880	Third Party Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004	Third Party Advisory
http://www.ubuntu.com/usn/USN-1657-1	Third Party Advisory
https://kb.isc.org/article/AA-00828	Patch Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1549.html	Third Party Advisory
http://support.apple.com/kb/HT5880	Third Party Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004	Third Party Advisory
http://www.ubuntu.com/usn/USN-1657-1	Third Party Advisory
https://kb.isc.org/article/AA-00828	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:isc:bind:9.8.0:-::::::
	cpe:2.3:a:isc:bind:9.8.0:a1::::::
	cpe:2.3:a:isc:bind:9.8.0:b1::::::
	cpe:2.3:a:isc:bind:9.8.0:p1::::::
	cpe:2.3:a:isc:bind:9.8.0:p2::::::
	cpe:2.3:a:isc:bind:9.8.0:p4::::::
	cpe:2.3:a:isc:bind:9.8.0:rc1::::::
	cpe:2.3:a:isc:bind:9.8.1:-::::::
	cpe:2.3:a:isc:bind:9.8.1:b1::::::
	cpe:2.3:a:isc:bind:9.8.1:b2::::::
	cpe:2.3:a:isc:bind:9.8.1:b3::::::
	cpe:2.3:a:isc:bind:9.8.1:p1::::::
	cpe:2.3:a:isc:bind:9.8.1:rc1::::::
	cpe:2.3:a:isc:bind:9.8.2:-::::::
	cpe:2.3:a:isc:bind:9.8.2:b1::::::
	cpe:2.3:a:isc:bind:9.8.2:rc1::::::
	cpe:2.3:a:isc:bind:9.8.2:rc2::::::
	cpe:2.3:a:isc:bind:9.8.3:-::::::
	cpe:2.3:a:isc:bind:9.8.3:p1::::::
	cpe:2.3:a:isc:bind:9.8.3:p2::::::
	cpe:2.3:a:isc:bind:9.8.3:p3::::::
	cpe:2.3:a:isc:bind:9.8.3:p4::::::

Configuration 2 (hide)

OR	cpe:2.3:a:isc:bind:9.9.0:-::::::
	cpe:2.3:a:isc:bind:9.9.0:a1::::::
	cpe:2.3:a:isc:bind:9.9.0:a2::::::
	cpe:2.3:a:isc:bind:9.9.0:a3::::::
	cpe:2.3:a:isc:bind:9.9.0:b1::::::
	cpe:2.3:a:isc:bind:9.9.0:b2::::::
	cpe:2.3:a:isc:bind:9.9.0:rc1::::::
	cpe:2.3:a:isc:bind:9.9.0:rc2::::::
	cpe:2.3:a:isc:bind:9.9.0:rc3::::::
	cpe:2.3:a:isc:bind:9.9.0:rc4::::::
	cpe:2.3:a:isc:bind:9.9.1:-::::::
	cpe:2.3:a:isc:bind:9.9.1:p1::::::
	cpe:2.3:a:isc:bind:9.9.1:p2::::::
	cpe:2.3:a:isc:bind:9.9.1:p3::::::
	cpe:2.3:a:isc:bind:9.9.1:p4::::::

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

History

21 Nov 2024, 01:45

Type	Values Removed	Values Added
References	~~() http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html - Mailing List, Third Party Advisory~~	() http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html - Mailing List, Third Party Advisory
References	~~() http://rhn.redhat.com/errata/RHSA-2012-1549.html - Third Party Advisory~~	() http://rhn.redhat.com/errata/RHSA-2012-1549.html - Third Party Advisory
References	~~() http://support.apple.com/kb/HT5880 - Third Party Advisory~~	() http://support.apple.com/kb/HT5880 - Third Party Advisory
References	~~() http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 - Third Party Advisory~~	() http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 - Third Party Advisory
References	~~() http://www.ubuntu.com/usn/USN-1657-1 - Third Party Advisory~~	() http://www.ubuntu.com/usn/USN-1657-1 - Third Party Advisory
References	~~() https://kb.isc.org/article/AA-00828 - Patch, Vendor Advisory~~	() https://kb.isc.org/article/AA-00828 - Patch, Vendor Advisory

Information

Published : 2012-12-06 11:45

Updated : 2024-11-21 01:45

NVD link : CVE-2012-5688

Mitre link : CVE-2012-5688

CVE.ORG link : CVE-2012-5688

JSON object : View

Products Affected

isc

bind

canonical

ubuntu_linux

CWE

CWE-20

Improper Input Validation

7.8 /10