ID

VAR-201210-0300


CVE

CVE-2012-5166


TITLE

ISC BIND denial-of-service (named daemon hang) vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004866

DESCRIPTION

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the 'named' process to lock up, denying service to legitimate users. [RT #31090] (CVE-2012-5166).

The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

TITLE: ISC BIND Resource Record Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA50610

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50610/

RELEASE DATE: 2012-09-13

DESCRIPTION: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error when processing resource records having RDATA greater than 65535 bytes. This can be exploited to e.g.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: https://kb.isc.org/article/AA-00778/74

Here are the details from the Slackware 14.0 ChangeLog:

patches/packages/bind-9.9.2_P1-i486-1_slack14.0.txz: Upgraded.
  IMPORTANT NOTE: This package updates BIND from 9.7.6_P4 to 9.8.4_P1 since the 9.7 series is no longer supported. It is possible that some changes may be required to your local configuration. This release addresses some denial-of-service and other bugs.
For more information, see:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3868
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.8.4_P1-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.8.4_P1-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.8.4_P1-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.8.4_P1-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.8.4_P1-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.8.4_P1-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.8.4_P1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.8.4_P1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.2_P1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.2_P1-x86_64-1_slack14.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.9.2_P1-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.9.2_P1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
# upgradepkg bind-9.9.2_P1-i486-1_slack14.0.txz

Then, restart the name server:
# /etc/rc.d/rc.bind restart

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

ESA-2014-016: EMC VPLEX Multiple Vulnerabilities

EMC Identifier: ESA-2014-016
CVE Identifier: See below for individual CVEs
Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores

Affected products:
All versions from VPLEX GeoSynchrony 4.0 through VPLEX GeoSynchrony 5.2.1 are affected

Summary:
EMC VPLEX GeoSynchrony 5.3 contains fixes for multiple vulnerabilities that could potentially be exploited by malicious users.

Details:

* Multiple Vulnerabilities affecting the VPLEX Web GUI. Please refer to the NVD website (http://web.nvd.nist.gov/) for more details on the below CVEs

Path Traversal vulnerability in VPLEX GUI - CVE-2014-0632
CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

VPLEX GUI Session Timeout validity vulnerability - CVE-2014-0633
CVSS v2 Base Score: 7.7 (AV:A/AC:L/Au:S/C:C/I:C/A:C)

Missing HttpOnly attribute vulnerability - CVE-2014-0634
CVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Session Fixation vulnerability - CVE-2014-0635
CVSS v2 Base Score: 7.5 (AV:N/AC:M/Au:S/C:C/I:P/A:P)

BEAST Attack - CVE-2011-3389
CVSS v2 Base Score: See NVD advisory for the CVSS score.

* Multiple Embedded Component Vulnerabilities

Multiple vulnerabilities in the following embedded components of the SLES Operating System have been fixed:
Kernel: CVE-2011-1044, CVE-2011-4110, CVE-2012-2136
perl: CVE-2002-2443
krb5: CVE-2013-1667
bind packages: CVE-2012-5166
CVSS v2 Base Score: See NVD advisory for the individual CVSS scores.
Remote Information Disclosure vulnerability in OpenSSH - CVE-2012-0814
CVSS v2 Base Score: See NVD advisory for the CVSS score.

Multiple vulnerabilities in Oracle Java and Apache Tomcat:
This release also contains critical security updates for Oracle Java and Apache Tomcat. Oracle Java has been upgraded to 1.6.0_45 and Apache Tomcat has been upgraded to 6.0.36. Please refer to the following links for more information:
Java: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Tomcat: https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36
CVSS v2 Base Score: See vendor advisory for the individual CVSS scores.

Resolution:
EMC recommends all customers to upgrade to VPLEX GeoSynchrony version 5.3 at their earliest opportunity.

Link to remedies:
Customers can download the software from Support Zone.

=====================================================================
Red Hat Security Advisory

Synopsis:     Important: bind security update
Advisory ID:  RHSA-2012:1363-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1363.html
Issue date:   2012-10-12
CVE Names:    CVE-2012-5166
=====================================================================

1. Summary:

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lock up. (CVE-2012-5166)

Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

864273 - CVE-2012-5166 bind: Specially crafted DNS data can cause a lockup in named

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm i386: bind-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.5.i386.rpm bind-utils-9.3.6-20.P1.el5_8.5.i386.rpm x86_64: bind-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.5.x86_64.rpm RHEL Desktop Workstation (v.
5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm i386: bind-chroot-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.i386.rpm x86_64: bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm i386: bind-9.3.6-20.P1.el5_8.5.i386.rpm bind-chroot-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-sdb-9.3.6-20.P1.el5_8.5.i386.rpm bind-utils-9.3.6-20.P1.el5_8.5.i386.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.i386.rpm ia64: bind-9.3.6-20.P1.el5_8.5.ia64.rpm bind-chroot-9.3.6-20.P1.el5_8.5.ia64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.ia64.rpm bind-devel-9.3.6-20.P1.el5_8.5.ia64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.ia64.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.ia64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.ia64.rpm bind-utils-9.3.6-20.P1.el5_8.5.ia64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.ia64.rpm ppc: bind-9.3.6-20.P1.el5_8.5.ppc.rpm bind-chroot-9.3.6-20.P1.el5_8.5.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.ppc.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.ppc64.rpm bind-devel-9.3.6-20.P1.el5_8.5.ppc.rpm bind-devel-9.3.6-20.P1.el5_8.5.ppc64.rpm 
bind-libbind-devel-9.3.6-20.P1.el5_8.5.ppc.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.ppc64.rpm bind-libs-9.3.6-20.P1.el5_8.5.ppc.rpm bind-libs-9.3.6-20.P1.el5_8.5.ppc64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.ppc.rpm bind-utils-9.3.6-20.P1.el5_8.5.ppc.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.ppc.rpm s390x: bind-9.3.6-20.P1.el5_8.5.s390x.rpm bind-chroot-9.3.6-20.P1.el5_8.5.s390x.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.s390.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.s390x.rpm bind-devel-9.3.6-20.P1.el5_8.5.s390.rpm bind-devel-9.3.6-20.P1.el5_8.5.s390x.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.s390.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.s390x.rpm bind-libs-9.3.6-20.P1.el5_8.5.s390.rpm bind-libs-9.3.6-20.P1.el5_8.5.s390x.rpm bind-sdb-9.3.6-20.P1.el5_8.5.s390x.rpm bind-utils-9.3.6-20.P1.el5_8.5.s390x.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.s390x.rpm x86_64: bind-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm bind-libbind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm bind-libs-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-sdb-9.3.6-20.P1.el5_8.5.x86_64.rpm bind-utils-9.3.6-20.P1.el5_8.5.x86_64.rpm caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm ppc64: bind-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm s390x: bind-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.s390x.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm ppc64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.ppc.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm s390x: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.s390.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.s390x.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.s390x.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm i386: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm x86_64: bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-5166.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-5166

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

Release Date: 2016-01-28
Last Updated: 2016-01-28

Potential Security Impact: Remote Code Execution, Denial of Service (DoS), Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS).
References:

- CVE-2007-0493
- CVE-2007-0494
- CVE-2012-1667
- CVE-2012-5166
- CVE-2012-4244
- CVE-2009-4022
- CVE-2010-0097
- CVE-2008-0122
- PSRT110022

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenVMS TCPIP Services V 5.7 ECO5 BIND

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference       Base Vector                    Base Score
CVE-2007-0493   (AV:N/AC:L/Au:N/C:N/I:N/A:C)   7.8
CVE-2007-0494   (AV:N/AC:M/Au:N/C:N/I:N/A:P)   4.3
CVE-2012-1667   (AV:N/AC:L/Au:N/C:P/I:N/A:C)   8.5
CVE-2012-5166   (AV:N/AC:L/Au:N/C:N/I:N/A:C)   7.8
CVE-2012-4244   (AV:N/AC:L/Au:N/C:N/I:N/A:C)   7.8
CVE-2009-4022   (AV:N/AC:H/Au:N/C:N/I:P/A:N)   2.6
CVE-2010-0097   (AV:N/AC:M/Au:N/C:N/I:P/A:N)   4.3
CVE-2008-0122   (AV:N/AC:L/Au:N/C:C/I:C/A:C)   10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HPE has made the following patch kits available to resolve the vulnerabilities with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS

| Platform              | Patch Kit Name                        |
|-----------------------|---------------------------------------|
| Alpha OpenVMS V8.4    | DEC-AXPVMS-TCPIP_CVE_PAT-V0507-ECO5-4 |
| ITANIUM OpenVMS V8.4  | HP-I64VMS-TCPIP_CVE_PAT-V0507-ECO5-4  |

**Notes:**

- For CVE-2008-0122, please contact HPE OpenVMS support to request patch kit TCPIP$IPC_SHR (V5.7-ECO5B) that is now available after the above patch release.
- Please read the release notes of these kits for more information including other features that are provided.

HISTORY
Version:1 (rev.1) - 28 January 2016 Initial release

============================================================================
Ubuntu Security Notice USN-1601-1
October 10, 2012

bind9 vulnerability
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Bind could be made to crash if it received specially crafted network traffic.
Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.4 Ubuntu 11.10: bind9 1:9.7.3.dfsg-1ubuntu4.5 Ubuntu 11.04: bind9 1:9.7.3.dfsg-1ubuntu2.7 Ubuntu 10.04 LTS: bind9 1:9.7.0.dfsg.P1-1ubuntu0.8 Ubuntu 8.04 LTS: bind9 1:9.4.2.dfsg.P2-2ubuntu0.12 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24. CVE-ID CVE-2012-0883 CVE-2012-2687 CVE-2012-3499 CVE-2012-4558 Bind Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not affect Mac OS X v10.7 systems. CVE-ID CVE-2012-3817 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2013-2266 Certificate Trust Policy Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application. 

ClamAV
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5
Impact: Multiple vulnerabilities in ClamAV
Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8.
CVE-ID
CVE-2013-2020
CVE-2013-2021

CoreGraphics
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team

ImageIO
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team

Installer
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
Impact: Packages could be opened after certificate revocation
Description: When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package.
CVE-ID
CVE-2013-1027

IPSec
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
Impact: An attacker may intercept data protected with IPSec Hybrid Auth
Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other.
This issue was addressed by properly checking the certificate.
CVE-ID
CVE-2013-1028 : Alexander Traud of www.traud.de

Kernel
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: A local network user may cause a denial of service
Description: An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check.
CVE-ID
CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.

Mobile Device Management
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
Impact: Passwords may be disclosed to other local users
Description: A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe.
CVE-ID
CVE-2013-1030 : Per Olofsson at the University of Gothenburg

OpenSSL
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y.
CVE-ID
CVE-2012-2686
CVE-2013-0166
CVE-2013-0169

PHP
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26.
CVE-ID
CVE-2013-1635
CVE-2013-1643
CVE-2013-1824
CVE-2013-2110

PostgreSQL
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
Impact: Multiple vulnerabilities in PostgreSQL
Description: Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. This update addresses the issues by updating PostgreSQL to version 9.0.13.
CVE-ID
CVE-2013-1899
CVE-2013-1900
CVE-2013-1901
CVE-2013-1902
CVE-2013-1903

Power Management
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: The screen saver may not start after the specified time period
Description: A power assertion lock issue existed. This issue was addressed through improved lock handling.
CVE-ID
CVE-2013-1031

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking.
CVE-ID
CVE-2013-1032 : Jason Kratzer working with iDefense VCP

Screen Lock
Available for: OS X Mountain Lion v10.8 to v10.8.4
Impact: A user with screen sharing access may be able to bypass the screen lock when another user is logged in
Description: A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking.
CVE-ID
CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq

Note: OS X Mountain Lion v10.8.5 also addresses an issue where certain Unicode strings could cause applications to unexpectedly terminate.

OS X Mountain Lion v10.8.5 and Security Update 2013-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.5, or Security Update 2013-004.

For OS X Mountain Lion v10.8.4
The download file is named: OSXUpd10.8.5.dmg
Its SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11

For OS X Mountain Lion v10.8 and v10.8.3
The download file is named: OSXUpdCombo10.8.5.dmg
Its SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2

For OS X Lion v10.7.5
The download file is named: SecUpd2013-004.dmg
Its SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0

For OS X Lion Server v10.7.5
The download file is named: SecUpdSrvr2013-004.dmg
Its SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355

For Mac OS X v10.6.8
The download file is named: SecUpd2013-004.dmg
Its SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61

For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2013-004.dmg
Its SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind                 < 9.9.4_p2                >= 9.9.4_p2

Description
===========

Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BIND users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dns/bind-9.9.4_p2"

References
==========

[ 1 ] CVE-2012-5166
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5166
[ 2 ] CVE-2012-5688
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5688
[ 3 ] CVE-2012-5689
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5689
[ 4 ] CVE-2013-2266
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2266
[ 5 ] CVE-2013-3919
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3919
[ 6 ] CVE-2013-4854
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4854
[ 7 ] CVE-2014-0591
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0591

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201401-34.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Corrected:      2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE)
                2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11)
                2012-10-11 13:25:09 UTC (RELENG_8, 8.3-STABLE)
                2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5)
                2012-10-10 19:50:15 UTC (RELENG_9, 9.1-PRERELEASE)
                2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1)
                2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1)
CVE Name:       CVE-2012-4244, CVE-2012-5166

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>.

II. Problem Description

The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes.

The BIND daemon would lock up when a query is made on specific combinations of RDATA.

III. Impact

A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named.

An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record.

IV. Workaround

No workaround is available, but systems not running the BIND name server are not affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, or RELENG_9_0 security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4, 8.3, and 9.0 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, or 9.1-RC1 on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

4) Install and run BIND from the Ports Collection after the correction date. The following versions and newer versions of BIND installed from the Ports Collection are not affected by this vulnerability:

        bind96-9.6.3.1.ESV.R7.4
        bind97-9.7.6.4
        bind98-9.8.3.4
        bind99-9.9.1.4

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

Subversion:

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/7/                                                         r243418
releng/7.4/                                                       r243417
stable/8/                                                         r241443
releng/8.3/                                                       r243417
stable/9/                                                         r241415
releng/9.0/                                                       r243417
releng/9.1/                                                       r243417
-------------------------------------------------------------------------

VII

Trust: 3.06

sources: NVD: CVE-2012-5166 // JVNDB: JVNDB-2012-004866 // BID: 55852 // VULMON: CVE-2012-5166 // PACKETSTORM: 117348 // PACKETSTORM: 117285 // PACKETSTORM: 116541 // PACKETSTORM: 118736 // PACKETSTORM: 117344 // PACKETSTORM: 125919 // PACKETSTORM: 117346 // PACKETSTORM: 135504 // PACKETSTORM: 117281 // PACKETSTORM: 123228 // PACKETSTORM: 124979 // PACKETSTORM: 118325

AFFECTED PRODUCTS

vendor:iscmodel:bindscope:eqversion:9.6

Trust: 1.9

vendor:iscmodel:bindscope:eqversion:9.7.1

Trust: 1.9

vendor:iscmodel:bindscope:eqversion:9.7.0

Trust: 1.9

vendor:iscmodel:bindscope:eqversion:9.7.2

Trust: 1.6

vendor:iscmodel:bindscope:eqversion:9.4.0

Trust: 1.6

vendor:iscmodel:bindscope:eqversion:9.3.2

Trust: 1.6

vendor:iscmodel:bindscope:eqversion:9.4

Trust: 1.3

vendor:iscmodel:bindscope:eqversion:9.3.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.4.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.4.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.8

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.9

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.7

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.4

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.9.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.0.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.0.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.6

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.9.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.6

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.4.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.8.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.6.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.4

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.1.2

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.6

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.1

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.5.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.7.4

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.3.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.2.x to 9.6.x

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.4-esv to 9.4-esv-r5-p1

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.6-esv to 9.6-esv-r7-p3

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.7.0 to 9.7.6-p3

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.8.0 to 9.8.3-p3

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.9.0 to 9.9.1-p3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8 to v10.8.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7.5

Trust: 0.8

vendor:intelmodel:mcafee firewall enterprise 7.0.1.03h06scope:neversion: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:freebsdmodel:9.0-rc1scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:9.4.8

Trust: 0.3

vendor:f5model:big-ip link controller hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:3.0

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:9.4.80

Trust: 0.3

vendor:f5model:big-ip apm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:emcmodel:vplex geosynchronyscope:eqversion:5.2.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.3

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip edge gateway hf3scope:neversion:11.2

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:neversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.1

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c5.11scope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise server sp1 ltssscope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:9.2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:5

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:neversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.0

Trust: 0.3

vendor:oraclemodel:vm server forscope:eqversion:x863.4

Trust: 0.3

vendor:f5model:big-ip gtm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.0

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:neversion:6.3.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.16

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:f5model:big-ip psm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.1

Trust: 0.3

vendor:f5model:big-ip apm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:mcafeemodel:firewall enterprisescope:eqversion:7.0.1.03

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.2

Trust: 0.3

vendor:f5model:big-ip link controller hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:neversion:11.3

Trust: 0.3

vendor:f5model:big-ip gtm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:f5model:big-ip ltm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:collaxmodel:business serverscope:eqversion:5.5

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.4.80

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.12

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip ltm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.0

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprisescope:eqversion:8.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.1

Trust: 0.3

vendor:hpmodel:tcp/ip services for openvms bind eco5scope:eqversion:5.7

Trust: 0.3

vendor:freebsdmodel:8.0-releasescope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.7

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.1.5

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.75

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.3

Trust: 0.3

vendor:f5model:big-ip gtm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.00

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.0.00

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.5

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.1.0

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.5

Trust: 0.3

vendor:mcafeemodel:firewall enterprise 7.0.1.03h04scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.126

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.3

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:9.4.5

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:9.6.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip psm hf5scope:neversion:10.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip psmscope:neversion:11.3

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:2.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:collaxmodel:business serverscope:neversion:5.5.4

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip gtm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.2.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:neversion:11.3

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprise 8.2.1p06scope:neversion: -

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.4

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:1.6

Trust: 0.3

vendor:f5model:big-ip gtm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip link controller hf3scope:neversion:11.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.11

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.0

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:neversion:11.2.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.2.00

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.0.00

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.68

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.2.2

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip edge gateway hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip ltmscope:neversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:neversion:11.3

Trust: 0.3

vendor:emcmodel:vplex geosynchronyscope:neversion:5.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:9.4.8

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.1

Trust: 0.3

vendor:f5model:big-ip link controller hf5scope:neversion:10.2.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.2.00

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:enterprise managerscope:neversion:3.1

Trust: 0.3

vendor:f5model:big-ip edge gateway hf2scope:neversion:11.2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:f5model:big-ip psm hf3scope:neversion:11.2.0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:9.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.0

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.0.00

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.10

Trust: 0.3

vendor:emcmodel:vplex geosynchronyscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:9.2.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprise 8.3.0p02scope:neversion: -

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp2scope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.40

Trust: 0.3

vendor:intelmodel:mcafee firewall enterprisescope:eqversion:7.0.1.02

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.8.3

Trust: 0.3

vendor: f5 | model: big-ip ltm | scope: eq | version: 11.1.0

Trust: 0.3

vendor: f5 | model: big-ip edge gateway | scope: eq | version: 11.1

Trust: 0.3

vendor: avaya | model: aura session manager | scope: eq | version: 6.0

Trust: 0.3

vendor: suse | model: linux enterprise server for vmware sp2 | scope: eq | version: 11

Trust: 0.3

vendor: suse | model: linux enterprise software development kit sp2 | scope: eq | version: 11

Trust: 0.3

vendor: hp | model: hp-ux b.11.31 | scope: - | version: -

Trust: 0.3

vendor: f5 | model: big-ip gtm | scope: eq | version: 11.1.0

Trust: 0.3

vendor: freebsd | model: 9.1-rc2 | scope: ne | version: -

Trust: 0.3

vendor: debian | model: linux s/390 | scope: eq | version: 6.0

Trust: 0.3

vendor: slackware | model: linux x86 64 | scope: eq | version: 14.0

Trust: 0.3

vendor: collax | model: business server | scope: eq | version: 5.5.2

Trust: 0.3

vendor: redhat | model: enterprise linux desktop workstation client | scope: eq | version: 5

Trust: 0.3

vendor: suse | model: linux enterprise desktop sp4 | scope: eq | version: 10

Trust: 0.3

vendor: f5 | model: enterprise manager | scope: eq | version: 1.8

Trust: 0.3

vendor: debian | model: linux powerpc | scope: eq | version: 6.0

Trust: 0.3

vendor: f5 | model: big-ip psm hf4 | scope: eq | version: 10.2.4

Trust: 0.3

vendor: oracle | model: vm server for | scope: eq | version: x863.3

Trust: 0.3

vendor: ibm | model: aix | scope: eq | version: 6.1

Trust: 0.3

vendor: f5 | model: big-ip ltm | scope: eq | version: 11.0

Trust: 0.3

vendor: f5 | model: big-ip ltm | scope: eq | version: 9.4.8

Trust: 0.3

vendor: f5 | model: big-ip gtm | scope: eq | version: 11.0

Trust: 0.3

vendor: ibm | model: aix | scope: eq | version: 6.1.1

Trust: 0.3

vendor: freebsd | model: 9.0-rc3 | scope: - | version: -

Trust: 0.3

vendor: ibm | model: aix | scope: eq | version: 6.1.6

Trust: 0.3

vendor: avaya | model: aura session manager | scope: eq | version: 6.2.2

Trust: 0.3

vendor: freebsd | model: freebsd | scope: eq | version: 8.2

Trust: 0.3

vendor: f5 | model: big-ip asm hf1 | scope: eq | version: 11.2.1

Trust: 0.3

vendor: f5 | model: big-ip ltm | scope: eq | version: 11.2.1

Trust: 0.3

vendor: freebsd | model: freebsd | scope: eq | version: 8.1

Trust: 0.3

vendor: avaya | model: aura session manager sp1 | scope: eq | version: 6.0

Trust: 0.3

vendor: mandrakesoft | model: enterprise server x86 64 | scope: eq | version: 5

Trust: 0.3

vendor: f5 | model: big-ip link controller | scope: ne | version: 11.3

Trust: 0.3

vendor: ibm | model: aix l | scope: eq | version: 5.3

Trust: 0.3

vendor: f5 | model: big-ip ltm hf3 | scope: ne | version: 11.2

Trust: 0.3

vendor: avaya | model: aura session manager | scope: eq | version: 6.1.3

Trust: 0.3

vendor: avaya | model: aura session manager sp2 | scope: eq | version: 5.2

Trust: 0.3

vendor: redhat | model: enterprise linux desktop | scope: eq | version: 6

Trust: 0.3

vendor: f5 | model: big-ip edge gateway | scope: eq | version: 10.2.4

Trust: 0.3

vendor: avaya | model: aura session manager | scope: eq | version: 6.3

Trust: 0.3

vendor: oracle | model: vm server for | scope: eq | version: x863.2

Trust: 0.3

vendor: emc | model: vplex geosynchrony sp1 | scope: eq | version: 5.2

Trust: 0.3

vendor: avaya | model: aura session manager | scope: eq | version: 6.1.5

Trust: 0.3

vendor: f5 | model: big-ip apm | scope: ne | version: 11.3.0

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.8.2

Trust: 0.3

vendor: f5 | model: big-ip edge gateway hf5 | scope: ne | version: 10.2.4

Trust: 0.3

vendor: xerox | model: freeflow print server 73.c0.41 | scope: - | version: -

Trust: 0.3

vendor: ibm | model: aix | scope: eq | version: 5.3.9

Trust: 0.3

vendor: freebsd | model: freebsd | scope: eq | version: 9.1

Trust: 0.3

vendor: f5 | model: big-ip psm | scope: eq | version: 11.1

Trust: 0.3

vendor: f5 | model: big-ip ltm | scope: eq | version: 10.0

Trust: 0.3

vendor: avaya | model: aura session manager | scope: eq | version: 6.2.3

Trust: 0.3

vendor: mcafee | model: firewall enterprise | scope: eq | version: 8.2.1

Trust: 0.3

vendor: slackware | model: linux x86 64 | scope: eq | version: 13.1

Trust: 0.3

vendor: f5 | model: big-ip asm | scope: ne | version: 11.3.0

Trust: 0.3

vendor: f5 | model: enterprise manager | scope: eq | version: 2.0

Trust: 0.3

vendor: slackware | model: linux x86 64 -current | scope: - | version: -

Trust: 0.3

vendor: f5 | model: big-ip gtm | scope: eq | version: 11.2

Trust: 0.3

sources: BID: 55852 // JVNDB: JVNDB-2012-004866 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5166
value: HIGH

Trust: 1.0

NVD: CVE-2012-5166
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201210-182
value: HIGH

Trust: 0.6

VULMON: CVE-2012-5166
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-5166
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2012-5166 // JVNDB: JVNDB-2012-004866 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.8

sources: JVNDB: JVNDB-2012-004866 // NVD: CVE-2012-5166

THREAT TYPE

remote

Trust: 1.0

sources: PACKETSTORM: 117348 // PACKETSTORM: 117346 // PACKETSTORM: 117281 // PACKETSTORM: 118325 // CNNVD: CNNVD-201210-182

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201210-182

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004866

PATCH

title: APPLE-SA-2013-09-12-1 | url: http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Trust: 0.8

title: HT5880 | url: http://support.apple.com/kb/HT5880

Trust: 0.8

title: HT5880 | url: http://support.apple.com/kb/HT5880?viewlocale=ja_JP

Trust: 0.8

title: DSA-2560 | url: http://www.debian.org/security/2012/dsa-2560

Trust: 0.8

title: FEDORA-2012-15981 | url: http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090586.html

Trust: 0.8

title: FEDORA-2012-16022 | url: http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090491.html

Trust: 0.8

title: FEDORA-2012-15965 | url: http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090346.html

Trust: 0.8

title: IV30364 | url: http://www.ibm.com/support/docview.wss?uid=isg1IV30364

Trust: 0.8

title: IV30365 | url: http://www.ibm.com/support/docview.wss?uid=isg1IV30365

Trust: 0.8

title: IV30366 | url: http://www.ibm.com/support/docview.wss?uid=isg1IV30366

Trust: 0.8

title: IV30367 | url: http://www.ibm.com/support/docview.wss?uid=isg1IV30367

Trust: 0.8

title: IV30368 | url: http://www.ibm.com/support/docview.wss?uid=isg1IV30368

Trust: 0.8

title: IV30247 | url: http://www.ibm.com/support/docview.wss?uid=isg1IV30247

Trust: 0.8

title: CVE-2012-5166: Specially crafted DNS data can cause a lockup in named | url: https://kb.isc.org/article/AA-00801

Trust: 0.8

title: CVE-2012-5166 [JP]: named hang caused by specially crafted DNS data | url: https://kb.isc.org/article/AA-00808

Trust: 0.8

title: openSUSE-SU-2012:1372 | url: http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html

Trust: 0.8

title: SUSE-SU-2012:1390 | url: http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00013.html

Trust: 0.8

title: RHSA-2012:1364 | url: http://rhn.redhat.com/errata/RHSA-2012-1364.html

Trust: 0.8

title: RHSA-2012:1365 | url: http://rhn.redhat.com/errata/RHSA-2012-1365.html

Trust: 0.8

title: RHSA-2012:1363 | url: http://rhn.redhat.com/errata/RHSA-2012-1363.html

Trust: 0.8

title: CVE-2012-5166 Denial of Service vulnerability in ISC BIND | url: https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of

Trust: 0.8

title: XRX13-003 | url: http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Trust: 0.8

title: bind-9.9.2-P1 | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45066

Trust: 0.6

title: Red Hat: Important: bind security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121363 - Security Advisory

Trust: 0.1

title: Red Hat: Important: bind97 security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121364 - Security Advisory

Trust: 0.1

title: Red Hat: Important: bind security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20121365 - Security Advisory

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2012-5166: Specially crafted DNS data can cause a lockup in named | url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e99545463f44dd9e58ef8aecc46750ec

Trust: 0.1

title: Debian Security Advisories: DSA-2560-1 bind9 -- denial of service | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7b9fe8ac24a68c94bee1a7c650a314f8

Trust: 0.1

title: Ubuntu Security Notice: bind9 vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1601-1

Trust: 0.1

title: Amazon Linux AMI: ALAS-2012-138 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-138

Trust: 0.1

title: Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce

Trust: 0.1

sources: VULMON: CVE-2012-5166 // JVNDB: JVNDB-2012-004866 // CNNVD: CNNVD-201210-182

EXTERNAL IDS

db: NVD | id: CVE-2012-5166

Trust: 3.9

db: ISC | id: AA-00801

Trust: 2.2

db: SECUNIA | id: 50956

Trust: 1.7

db: BID | id: 55852

Trust: 1.4

db: SECUNIA | id: 50903

Trust: 1.1

db: SECUNIA | id: 51106

Trust: 1.1

db: SECUNIA | id: 50909

Trust: 1.1

db: SECUNIA | id: 51054

Trust: 1.1

db: SECUNIA | id: 51078

Trust: 1.1

db: SECUNIA | id: 51178

Trust: 1.1

db: SECUNIA | id: 51096

Trust: 1.1

db: OSVDB | id: 86118

Trust: 1.1

db: JVNDB | id: JVNDB-2012-004866

Trust: 0.8

db: SECUNIA | id: 50878

Trust: 0.6

db: CNNVD | id: CNNVD-201210-182

Trust: 0.6

db: SECUNIA | id: 50610

Trust: 0.2

db: ISC | id: AA-00778

Trust: 0.2

db: VULMON | id: CVE-2012-5166

Trust: 0.1

db: PACKETSTORM | id: 117348

Trust: 0.1

db: PACKETSTORM | id: 117285

Trust: 0.1

db: PACKETSTORM | id: 116541

Trust: 0.1

db: PACKETSTORM | id: 118736

Trust: 0.1

db: PACKETSTORM | id: 117344

Trust: 0.1

db: PACKETSTORM | id: 125919

Trust: 0.1

db: PACKETSTORM | id: 117346

Trust: 0.1

db: PACKETSTORM | id: 135504

Trust: 0.1

db: PACKETSTORM | id: 117281

Trust: 0.1

db: PACKETSTORM | id: 123228

Trust: 0.1

db: PACKETSTORM | id: 124979

Trust: 0.1

db: PACKETSTORM | id: 118325

Trust: 0.1

sources: VULMON: CVE-2012-5166 // BID: 55852 // JVNDB: JVNDB-2012-004866 // PACKETSTORM: 117348 // PACKETSTORM: 117285 // PACKETSTORM: 116541 // PACKETSTORM: 118736 // PACKETSTORM: 117344 // PACKETSTORM: 125919 // PACKETSTORM: 117346 // PACKETSTORM: 135504 // PACKETSTORM: 117281 // PACKETSTORM: 123228 // PACKETSTORM: 124979 // PACKETSTORM: 118325 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

REFERENCES

url:https://kb.isc.org/article/aa-00801

Trust: 2.2

url:http://secunia.com/advisories/50956

Trust: 1.7

url:http://www.isc.org/software/bind/advisories/cve-2012-5166

Trust: 1.4

url:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf

Trust: 1.4

url:https://blogs.oracle.com/sunsecurity/entry/cve_2012_5166_denial_of

Trust: 1.4

url:http://support.apple.com/kb/ht5880

Trust: 1.4

url:http://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc

Trust: 1.4

url:http://rhn.redhat.com/errata/rhsa-2012-1364.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2012-1365.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2012-1363.html

Trust: 1.2

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-october/090491.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-october/090586.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00013.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html

Trust: 1.1

url:http://www.debian.org/security/2012/dsa-2560

Trust: 1.1

url:http://www.securityfocus.com/bid/55852

Trust: 1.1

url:http://secunia.com/advisories/51054

Trust: 1.1

url:http://secunia.com/advisories/50903

Trust: 1.1

url:http://secunia.com/advisories/50909

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-october/090346.html

Trust: 1.1

url:http://secunia.com/advisories/51096

Trust: 1.1

url:http://secunia.com/advisories/51106

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30366

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30368

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30364

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30367

Trust: 1.1

url:http://secunia.com/advisories/51078

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30365

Trust: 1.1

url:http://osvdb.org/86118

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30247

Trust: 1.1

url:http://secunia.com/advisories/51178

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:162

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html

Trust: 1.1

url:http://www.ibm.com/support/docview.wss?uid=isg1iv30185

Trust: 1.1

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Trust: 1.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04952488

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19706

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5166

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5166

Trust: 1.1

url:http://www.jpcert.or.jp/at/2012/at120033.txt

Trust: 0.8

url:http://jprs.jp/tech/security/2012-10-10-bind9-vuln-rr-combination.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5166

Trust: 0.8

url:http://secunia.com/advisories/50878

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-4244

Trust: 0.4

url:http://www.collax.com/produkte/die-komplettloesung-fuer-kleine-unternehmen

Trust: 0.3

url:http://seclists.org/bugtraq/2014/mar/att-156/esa-2014-016.txt

Trust: 0.3

url:http://www.isc.org/products/bind/

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1683f-4d960e4b16bb2/cert_xrx13-004_v1.01.pdf

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100168007

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=kb76535

Trust: 0.3

url:http://www.freebsd.org/security/advisories/freebsd-sa-12:06.bind.asc

Trust: 0.3

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04952488

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03526327&ac.admitted=1351077150059.876444892.492883150

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/14000/200/sol14201.html

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2012-5166.html

Trust: 0.3

url:https://access.redhat.com/security/team/key/#package

Trust: 0.3

url:http://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-5688

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-1667

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-3817

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/189.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:1363

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=27151

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/1601-1/

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50610

Trust: 0.1

url:https://kb.isc.org/article/aa-00778/74

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/50610/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/50610/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3868

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5688

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3868

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3817

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1667

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4244.html

Trust: 0.1

url:http://www.isc.org/software/bind/advisories/cve-2012-4244

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0634

Trust: 0.1

url:https://tomcat.apache.org/security-6.html#fixed_in_apache_tomcat_6.0.36

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4110

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2002-2443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1044

Trust: 0.1

url:http://web.nvd.nist.gov/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0632

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0635

Trust: 0.1

url:http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0122

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0494

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-0493

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0097

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1601-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu4.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu2.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.4.2.dfsg.p2-2ubuntu0.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.p1-1ubuntu0.8

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.p1-4ubuntu0.4

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1899

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4558

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1025

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1029

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1643

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:https://www.traud.de

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1901

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1026

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1027

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1031

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1902

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1032

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1030

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2686

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0883

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1900

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0166

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0591

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3919

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3919

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5689

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201401-34.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2266

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5688

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2266

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5166

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0591

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4854

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5689

Trust: 0.1

url:http://www.freebsd.org/handbook/makeworld.html

Trust: 0.1

url:http://security.freebsd.org/patches/sa-12:06/bind.patch.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-12:06/bind.patch

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4244

Trust: 0.1

url:http://security.freebsd.org/

Trust: 0.1

url:https://kb.isc.org/article/aa-00778

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-12:06.bind.asc

Trust: 0.1

sources: VULMON: CVE-2012-5166 // BID: 55852 // JVNDB: JVNDB-2012-004866 // PACKETSTORM: 117348 // PACKETSTORM: 117285 // PACKETSTORM: 116541 // PACKETSTORM: 118736 // PACKETSTORM: 117344 // PACKETSTORM: 125919 // PACKETSTORM: 117346 // PACKETSTORM: 135504 // PACKETSTORM: 117281 // PACKETSTORM: 123228 // PACKETSTORM: 124979 // PACKETSTORM: 118325 // CNNVD: CNNVD-201210-182 // NVD: CVE-2012-5166

CREDITS

Jake Montgomery of Dyn, Inc.

Trust: 0.3

sources: BID: 55852

SOURCES

db: VULMON | id: CVE-2012-5166
db: BID | id: 55852
db: JVNDB | id: JVNDB-2012-004866
db: PACKETSTORM | id: 117348
db: PACKETSTORM | id: 117285
db: PACKETSTORM | id: 116541
db: PACKETSTORM | id: 118736
db: PACKETSTORM | id: 117344
db: PACKETSTORM | id: 125919
db: PACKETSTORM | id: 117346
db: PACKETSTORM | id: 135504
db: PACKETSTORM | id: 117281
db: PACKETSTORM | id: 123228
db: PACKETSTORM | id: 124979
db: PACKETSTORM | id: 118325
db: CNNVD | id: CNNVD-201210-182
db: NVD | id: CVE-2012-5166

LAST UPDATE DATE

2024-11-11T20:50:41.581000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2012-5166 | date: 2017-09-19T00:00:00
db: BID | id: 55852 | date: 2016-07-29T17:00:00
db: JVNDB | id: JVNDB-2012-004866 | date: 2013-09-30T00:00:00
db: CNNVD | id: CNNVD-201210-182 | date: 2012-10-15T00:00:00
db: NVD | id: CVE-2012-5166 | date: 2017-09-19T01:35:29.763

SOURCES RELEASE DATE

db: VULMON | id: CVE-2012-5166 | date: 2012-10-10T00:00:00
db: BID | id: 55852 | date: 2012-10-09T00:00:00
db: JVNDB | id: JVNDB-2012-004866 | date: 2012-10-12T00:00:00
db: PACKETSTORM | id: 117348 | date: 2012-10-12T23:40:33
db: PACKETSTORM | id: 117285 | date: 2012-10-11T06:42:57
db: PACKETSTORM | id: 116541 | date: 2012-09-14T01:16:19
db: PACKETSTORM | id: 118736 | date: 2012-12-10T23:33:33
db: PACKETSTORM | id: 117344 | date: 2012-10-12T23:39:07
db: PACKETSTORM | id: 125919 | date: 2014-03-27T22:22:22
db: PACKETSTORM | id: 117346 | date: 2012-10-12T23:40:10
db: PACKETSTORM | id: 135504 | date: 2016-01-29T20:33:00
db: PACKETSTORM | id: 117281 | date: 2012-10-11T06:35:38
db: PACKETSTORM | id: 123228 | date: 2013-09-13T19:32:22
db: PACKETSTORM | id: 124979 | date: 2014-01-30T01:18:39
db: PACKETSTORM | id: 118325 | date: 2012-11-23T17:16:44
db: CNNVD | id: CNNVD-201210-182 | date: 2012-10-15T00:00:00
db: NVD | id: CVE-2012-5166 | date: 2012-10-10T21:55:00.860