ID

VAR-201210-0300


CVE

CVE-2012-5166


TITLE

ISC BIND Digital error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201210-182

DESCRIPTION

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the 'named' process to lockup, denying service to legitimate users. [RT #31090] (CVE-2012-5166). The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQdULemqjQ0CJFipgRAqmHAKDZVAV8OmU7wk0ieb0RhgXhjp1/hQCgwfW7 zf2hK/iuE08rZtMXpzK6bIs= =JF6q -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: ISC BIND Resource Record Denial of Service Vulnerability SECUNIA ADVISORY ID: SA50610 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50610/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50610 RELEASE DATE: 2012-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/50610/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50610/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50610 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error when processing resource records having RDATA greater than 65535 bytes. This can be exploited to e.g. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://kb.isc.org/article/AA-00778/74 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/bind-9.9.2_P1-i486-1_slack14.0.txz: Upgraded. IMPORTANT NOTE: This package updates BIND from 9.7.6_P4 to 9.8.4_P1 since the 9.7 series is no longer supported. It is possible that some changes may be required to your local configuration. This release addresses some denial-of-service and other bugs. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.8.4_P1-i486-1_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.8.4_P1-i486-1_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.8.4_P1-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.8.4_P1-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.8.4_P1-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.8.4_P1-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.8.4_P1-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.8.4_P1-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.2_P1-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.2_P1-x86_64-1_slack14.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.9.2_P1-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.9.2_P1-x86_64-1.txz MD5 signatures: +-------------+ Slackware 12.1 package: 2df945fd92d480df98711992180cdd70 bind-9.8.4_P1-i486-1_slack12.1.tgz Slackware 12.2 package: ddf762702befde00ab86cda1a5766bbd bind-9.8.4_P1-i486-1_slack12.2.tgz Slackware 13.0 package: b6c9a8f1262bd39db2dd77034f58e568 bind-9.8.4_P1-i486-1_slack13.0.txz Slackware x86_64 13.0 package: b35c20ad9778035c7e04ef2944375608 bind-9.8.4_P1-x86_64-1_slack13.0.txz Slackware 13.1 package: a6b061aeb84003ea7b6ddcc157e0db65 bind-9.8.4_P1-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 54ee26b4924ab502eedfd024d83db20e bind-9.8.4_P1-x86_64-1_slack13.1.txz Slackware 13.37 package: 04d40ede0a96160e79767bf995469773 bind-9.8.4_P1-i486-1_slack13.37.txz Slackware x86_64 13.37 package: f4635df06e3c0f62f035d00e15b0f5fb bind-9.8.4_P1-x86_64-1_slack13.37.txz Slackware 14.0 package: 66612ea03941fc8ef5ef21409ecc6fe3 bind-9.9.2_P1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 6f664fe7e955c0dbe806a63ad9212c00 bind-9.9.2_P1-x86_64-1_slack14.0.txz Slackware -current package: 83bc10ca67bede66bf742a7d0ab6e628 n/bind-9.9.2_P1-i486-1.txz Slackware x86_64 -current package: 4a539dd88ef3637eee56693c037a3dc8 n/bind-9.9.2_P1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.9.2_P1-i486-1_slack14.0.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2012:1363-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1363.html Issue date: 2012-10-12 CVE Names: CVE-2012-5166 ===================================================================== 1. Summary: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. (CVE-2012-5166) Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 864273 - CVE-2012-5166 bind: Specially crafted DNS data can cause a lockup in named 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm i386: bind-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.5.i386.rpm bind-utils-9.3.6-20.P1.el5_8.5.i386.rpm x86_64: bind-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.5.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm i386: bind-chroot-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.i386.rpm x86_64: bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm i386: bind-9.3.6-20.P1.el5_8.5.i386.rpm bind-chroot-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.5.i386.rpm bind-utils-9.3.6-20.P1.el5_8.5.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.i386.rpm ia64: bind-9.3.6-20.P1.el5_8.5.ia64.rpm bind-chroot-9.3.6-20.P1.el5_8.5.ia64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.ia64.rpm bind-devel-9.3.6-20.P1.el5_8.5.ia64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.ia64.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.ia64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.ia64.rpm bind-utils-9.3.6-20.P1.el5_8.5.ia64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.ia64.rpm ppc: bind-9.3.6-20.P1.el5_8.5.ppc.rpm bind-chroot-9.3.6-20.P1.el5_8.5.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.ppc64.rpm bind-devel-9.3.6-20.P1.el5_8.5.ppc.rpm bind-devel-9.3.6-20.P1.el5_8.5.ppc64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.ppc.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.ppc64.rpm bind-libs-9.3.6-20.P1.el5_8.5.ppc.rpm bind-libs-9.3.6-20.P1.el5_8.5.ppc64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.ppc.rpm bind-utils-9.3.6-20.P1.el5_8.5.ppc.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.ppc.rpm s390x: bind-9.3.6-20.P1.el5_8.5.s390x.rpm bind-chroot-9.3.6-20.P1.el5_8.5.s390x.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.s390.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.s390x.rpm bind-devel-9.3.6-20.P1.el5_8.5.s390.rpm bind-devel-9.3.6-20.P1.el5_8.5.s390x.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.s390.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.s390x.rpm bind-libs-9.3.6-20.P1.el5_8.5.s390.rpm bind-libs-9.3.6-20.P1.el5_8.5.s390x.rpm bind-sdb-9.3.6-20.P1.el5_8.5.s390x.rpm bind-utils-9.3.6-20.P1.el5_8.5.s390x.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.s390x.rpm x86_64: bind-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm ppc64: bind-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm s390x: bind-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.s390x.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm ppc64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5166.html https://access.redhat.com/security/updates/classification/#important http://www.isc.org/software/bind/advisories/cve-2012-5166 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQeHsjXlSAg2UNWIIRAh5WAKCrcGYeGKxZlUpFiV7+CdpBVf7kWQCfbDMu 9mwEOEhLkEOAFKKQxmYZyOc= =W+gi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Release Date: 2016-01-28 Last Updated: 2016-01-28 Potential Security Impact: Remote Code Execution, Denial of Service (DoS), Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). References: - CVE-2007-0493 - CVE-2007-0494 - CVE-2012-1667 - CVE-2012-5166 - CVE-2012-4244 - CVE-2009-4022 - CVE-2010-0097 - CVE-2008-0122 - PSRT110022 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenVMS TCPIP Services V 5.7 ECO5 BIND BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2007-0493 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2007-0494 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2012-1667 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5 CVE-2012-5166 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2012-4244 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2009-4022 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2010-0097 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has made the following patch kits available to resolve the vulnerabilities with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS | Platform | Patch Kit Name | |-----------------------|---------------------------------------| | Alpha OpenVMS V8.4 | DEC-AXPVMS-TCPIP_CVE_PAT-V0507-ECO5-4 | | ITANIUM OpenVMS V8.4 | HP-I64VMS-TCPIP_CVE_PAT-V0507-ECO5-4 | **Notes:** - For CVE-2008-0122, please contact HPE OpenVMS support to request patch kit TCPIP$IPC_SHR (V5.7-ECO5B) that is now available after the above patch release. - Please read the release notes of these kits for more information including other features that are provided. HISTORY Version:1 (rev.1) - 28 January 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/bind < 9.9.4_p2 >= 9.9.4_p2 Description =========== Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.4_p2" References ========== [ 1 ] CVE-2012-5166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166 [ 2 ] CVE-2012-5688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688 [ 3 ] CVE-2012-5689 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5689 [ 4 ] CVE-2013-2266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266 [ 5 ] CVE-2013-3919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3919 [ 6 ] CVE-2013-4854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854 [ 7 ] CVE-2014-0591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0591 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-34.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE) 2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11) 2012-10-11 13:25:09 UTC (RELENG_8, 8.3-STABLE) 2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5) 2012-10-10 19:50:15 UTC (RELENG_9, 9.1-PRERELEASE) 2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1) 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1) CVE Name: CVE-2012-4244, CVE-2012-5166 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. II. Problem Description The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA. III. Impact A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named. An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record. IV. Workaround No workaround is available, but systems not running the BIND name server are not affected. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, or RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch # fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, or 9.1-RC1 on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 4) Install and run BIND from the Ports Collection after the correction date. The following versions and newer versions of BIND installed from the Ports Collection are not affected by this vulnerability: bind96-9.6.3.1.ESV.R7.4 bind97-9.7.6.4 bind98-9.8.3.4 bind99-9.9.1.4 VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r243418 releng/7.4/ r243417 stable/8/ r241443 releng/8.3/ r243417 stable/9/ r241415 releng/9.0/ r243417 releng/9.1/ r243417 - ------------------------------------------------------------------------- VII

Trust: 1.98

sources: NVD: CVE-2012-5166 // BID: 55852 // VULMON: CVE-2012-5166 // PACKETSTORM: 117285 // PACKETSTORM: 116541 // PACKETSTORM: 118736 // PACKETSTORM: 117344 // PACKETSTORM: 117346 // PACKETSTORM: 135504 // PACKETSTORM: 124979 // PACKETSTORM: 118325

AFFECTED PRODUCTS

vendor:iscmodel:bindscope:eqversion:9.6

Trust: 1.9

vendor:iscmodel:bindscope:eqversion:9.7.1

Trust: 1.9

vendor:iscmodel:bindscope:eqversion:9.7.0

Trust: 1.9

vendor:iscmodel:bindscope:eqversion:9.7.2

Trust: 1.6

vendor:iscmodel:bindscope:eqversion:9.4.0

Trust: 1.6

vendor:iscmodel:bindscope:eqversion:9.3.2

Trust: 1.6

vendor:iscmodel:bindscope:eqversion:9.4

Trust: 1.3

vendor:iscmodel:bindscope:eqversion:9.3.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.4.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.4.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.8

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.9

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.7

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.4

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.9.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.0.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.0.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.6

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.9.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.6

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.4.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.4

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.6

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.4

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.3

Trust: 1.0

vendor:intelmodel:mcafee firewall enterprise 7.0.1.03h06scope:neversion: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:freebsdmodel:9.0-rc1scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:9.4.8

Trust: 0.3

vendor:f5model:big-ip link controller hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:3.0

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:9.4.80

Trust: 0.3

vendor:f5model:big-ip apm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:emcmodel:vplex geosynchronyscope:eqversion:5.2.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.3

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip edge gateway hf3scope:neversion:11.2

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:neversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.1

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c5.11scope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise server sp1 ltssscope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:9.2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:neversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:f5model:big-ip gtm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.0

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:neversion:6.3.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.16

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:f5model:big-ip psm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.1

Trust: 0.3

vendor:f5model:big-ip apm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:mcafeemodel:firewall enterprisescope:eqversion:7.0.1.03

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.2

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:neversion:11.3

Trust: 0.3

vendor:f5model:big-ip gtm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:f5model:big-ip ltm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:collaxmodel:business serverscope:eqversion:5.5

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.4.80

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.12

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip ltm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.0

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprisescope:eqversion:8.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.1

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms bind eco5scope:eqversion:5.7

Trust: 0.3

vendor:freebsdmodel:8.0-releasescope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.7

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.1.5

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.75

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.3

Trust: 0.3

vendor:f5model:big-ip gtm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.00

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.0.00

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.5

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.1.0

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.5

Trust: 0.3

vendor:mcafeemodel:firewall enterprise 7.0.1.03h04scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.126

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.3

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:9.4.5

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:9.6.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip psm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip psmscope:neversion:11.3

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:2.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:collaxmodel:business serverscope:neversion:5.5.4

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip gtm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.2.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:neversion:11.3

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprise 8.2.1p06scope:neversion: -

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.4

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:1.6

Trust: 0.3

vendor:f5model:big-ip gtm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip link controller hf3scope:neversion:11.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.11

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.0

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.2.00

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.0.00

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.68

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.2.2

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip edge gateway hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:11.3

Trust: 0.3

vendor:emcmodel:vplex geosynchronyscope:neversion:5.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:9.4.8

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.1

Trust: 0.3

vendor:f5model:big-ip link controller hf5scope:neversion:10.2.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.2.00

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:enterprise managerscope:neversion:3.1

Trust: 0.3

vendor:f5model:big-ip edge gateway hf2scope:neversion:11.2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:f5model:big-ip psm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:9.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.0

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.0.00

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.10

Trust: 0.3

vendor:emcmodel:vplex geosynchronyscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:9.2.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprise 8.3.0p02scope:neversion: -

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp2scope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.40

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprisescope:eqversion:7.0.1.02

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp2scope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise software development kit sp2scope:eqversion:11

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.1.0

Trust: 0.3

vendor:freebsdmodel:9.1-rc2scope:neversion: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:14.0

Trust: 0.3

vendor:collaxmodel:business serverscope:eqversion:5.5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp4scope:eqversion:10

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:1.8

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip psm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.3

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:9.4.8

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.1

Trust: 0.3

vendor:freebsdmodel:9.0-rc3scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.6

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.2

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:f5model:big-ip link controllerscope:neversion:11.3

Trust: 0.3

vendor:ibmmodel:aix lscope:eqversion:5.3

Trust: 0.3

vendor:f5model:big-ip ltm hf3scope:neversion:11.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.3

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.2

Trust: 0.3

vendor:emcmodel:vplex geosynchrony sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.5

Trust: 0.3

vendor:f5model:big-ip apmscope:neversion:11.3.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:f5model:big-ip edge gateway hf5scope:neversion:10.2.4

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.9

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.1

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.3

Trust: 0.3

vendor:mcafeemodel:firewall enterprisescope:eqversion:8.2.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip asmscope:neversion:11.3.0

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:2.0

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.2

Trust: 0.3

sources: BID: 55852 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5166
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201210-182
value: HIGH

Trust: 0.6

VULMON: CVE-2012-5166
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-5166
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

sources: VULMON: CVE-2012-5166 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.0

sources: NVD: CVE-2012-5166

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 117346 // PACKETSTORM: 118325 // CNNVD: CNNVD-201210-182

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201210-182

PATCH

title:bind-9.9.2-P1url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45066

Trust: 0.6

title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121363 - Security Advisory

Trust: 0.1

title:Red Hat: Important: bind97 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121364 - Security Advisory

Trust: 0.1

title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121365 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2012-5166: Specially crafted DNS data can cause a lockup in namedurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e99545463f44dd9e58ef8aecc46750ec

Trust: 0.1

title:Debian Security Advisories: DSA-2560-1 bind9 -- denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7b9fe8ac24a68c94bee1a7c650a314f8

Trust: 0.1

title:Ubuntu Security Notice: bind9 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1601-1

Trust: 0.1

title:Amazon Linux AMI: ALAS-2012-138url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-138

Trust: 0.1

title:Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016url:https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

sources: VULMON: CVE-2012-5166 // CNNVD: CNNVD-201210-182

EXTERNAL IDS

db:NVDid:CVE-2012-5166

Trust: 2.7

db:ISCid:AA-00801

Trust: 2.2

db:SECUNIAid:50956

Trust: 1.7

db:BIDid:55852

Trust: 1.4

db:SECUNIAid:50903

Trust: 1.1

db:SECUNIAid:51106

Trust: 1.1

db:SECUNIAid:50909

Trust: 1.1

db:SECUNIAid:51054

Trust: 1.1

db:SECUNIAid:51078

Trust: 1.1

db:SECUNIAid:51178

Trust: 1.1

db:SECUNIAid:51096

Trust: 1.1

db:OSVDBid:86118

Trust: 1.1

db:SECUNIAid:50878

Trust: 0.6

db:CNNVDid:CNNVD-201210-182

Trust: 0.6

db:SECUNIAid:50610

Trust: 0.2

db:ISCid:AA-00778

Trust: 0.2

db:VULMONid:CVE-2012-5166

Trust: 0.1

db:PACKETSTORMid:117285

Trust: 0.1

db:PACKETSTORMid:116541

Trust: 0.1

db:PACKETSTORMid:118736

Trust: 0.1

db:PACKETSTORMid:117344

Trust: 0.1

db:PACKETSTORMid:117346

Trust: 0.1

db:PACKETSTORMid:135504

Trust: 0.1

db:PACKETSTORMid:124979

Trust: 0.1

db:PACKETSTORMid:118325

Trust: 0.1

sources: VULMON: CVE-2012-5166 // BID: 55852 // PACKETSTORM: 117285 // PACKETSTORM: 116541 // PACKETSTORM: 118736 // PACKETSTORM: 117344 // PACKETSTORM: 117346 // PACKETSTORM: 135504 // PACKETSTORM: 124979 // PACKETSTORM: 118325 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

REFERENCES

url:https://kb.isc.org/article/aa-00801

Trust: 2.2

url:http://secunia.com/advisories/50956

Trust: 1.7

url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf

Trust: 1.4

url:https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of

Trust: 1.4

url:http://support.apple.com/kb/ht5880

Trust: 1.4

url:http://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc

Trust: 1.4

url:http://www.isc.org/software/bind/advisories/cve-2012-5166

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2012-1365.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2012-1363.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2012-1364.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-october/090491.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-october/090586.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00013.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html

Trust: 1.1

url:http://www.debian.org/security/2012/dsa-2560

Trust: 1.1

url:http://www.securityfocus.com/bid/55852

Trust: 1.1

url:http://secunia.com/advisories/51054

Trust: 1.1

url:http://secunia.com/advisories/50903

Trust: 1.1

url:http://secunia.com/advisories/50909

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-october/090346.html

Trust: 1.1

url:http://secunia.com/advisories/51096

Trust: 1.1

url:http://secunia.com/advisories/51106

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30366

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30368

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30364

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30367

Trust: 1.1

url:http://secunia.com/advisories/51078

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30365

Trust: 1.1

url:http://osvdb.org/86118

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30247

Trust: 1.1

url:http://secunia.com/advisories/51178

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:162

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30185

Trust: 1.1

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 1.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04952488

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19706

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5166

Trust: 0.7

url:http://secunia.com/advisories/50878

Trust: 0.6

url:http://www.collax.com/produkte/die-komplettloesung-fuer-kleine-unternehmen

Trust: 0.3

url:http://seclists.org/bugtraq/2014/mar/att-156/esa-2014-016.txt

Trust: 0.3

url:http://www.isc.org/products/bind/

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1683f-4d960e4b16bb2/cert_xrx13-004_v1.01.pdf

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100168007

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=kb76535

Trust: 0.3

url:http://www.freebsd.org/security/advisories/freebsd-sa-12:06.bind.asc

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04952488

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03526327&ac.admitted=1351077150059.876444892.492883150

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/14000/200/sol14201.html

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5166

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4244

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-5688

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-1667

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5166.html

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:http://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/189.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:1363

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=27151

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/1601-1/

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50610

Trust: 0.1

url:https://kb.isc.org/article/aa-00778/74

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/50610/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/50610/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3868

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5688

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3868

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3817

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1667

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4244.html

Trust: 0.1

url:http://www.isc.org/software/bind/advisories/cve-2012-4244

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0122

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0494

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0493

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0097

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0591

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3919

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3919

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5689

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201401-34.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2266

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5688

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2266

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5166

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0591

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5689

Trust: 0.1

url:http://www.freebsd.org/handbook/makeworld.html>.

Trust: 0.1

url:http://security.freebsd.org/patches/sa-12:06/bind.patch.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-12:06/bind.patch

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4244

Trust: 0.1

url:http://security.freebsd.org/>.

Trust: 0.1

url:https://kb.isc.org/article/aa-00778

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-12:06.bind.asc

Trust: 0.1

sources: VULMON: CVE-2012-5166 // BID: 55852 // PACKETSTORM: 117285 // PACKETSTORM: 116541 // PACKETSTORM: 118736 // PACKETSTORM: 117344 // PACKETSTORM: 117346 // PACKETSTORM: 135504 // PACKETSTORM: 124979 // PACKETSTORM: 118325 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

CREDITS

Jake Montgomery of Dyn, Inc.

Trust: 0.3

sources: BID: 55852

SOURCES

db:VULMONid:CVE-2012-5166
db:BIDid:55852
db:PACKETSTORMid:117285
db:PACKETSTORMid:116541
db:PACKETSTORMid:118736
db:PACKETSTORMid:117344
db:PACKETSTORMid:117346
db:PACKETSTORMid:135504
db:PACKETSTORMid:124979
db:PACKETSTORMid:118325
db:CNNVDid:CNNVD-201210-182
db:NVDid:CVE-2012-5166

LAST UPDATE DATE

2024-11-22T20:14:18.613000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2012-5166date:2017-09-19T00:00:00
db:BIDid:55852date:2016-07-29T17:00:00
db:CNNVDid:CNNVD-201210-182date:2012-10-15T00:00:00
db:NVDid:CVE-2012-5166date:2017-09-19T01:35:29.763

SOURCES RELEASE DATE

db:VULMONid:CVE-2012-5166date:2012-10-10T00:00:00
db:BIDid:55852date:2012-10-09T00:00:00
db:PACKETSTORMid:117285date:2012-10-11T06:42:57
db:PACKETSTORMid:116541date:2012-09-14T01:16:19
db:PACKETSTORMid:118736date:2012-12-10T23:33:33
db:PACKETSTORMid:117344date:2012-10-12T23:39:07
db:PACKETSTORMid:117346date:2012-10-12T23:40:10
db:PACKETSTORMid:135504date:2016-01-29T20:33:00
db:PACKETSTORMid:124979date:2014-01-30T01:18:39
db:PACKETSTORMid:118325date:2012-11-23T17:16:44
db:CNNVDid:CNNVD-201210-182date:2012-10-15T00:00:00
db:NVDid:CVE-2012-5166date:2012-10-10T21:55:00.860