Description

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.

References

• APPLE-APPLE-SA-2013-09-12-1
• BID-55522
• CVE-2012-4244
• DEBIAN-DSA-2547
• DISA_SEVERITY-Category I
• DISA_VMSKEY-V0036787
• IAVM-2013-A-0031
• REDHAT-RHSA-2012:1266
• REDHAT-RHSA-2012:1267
• REDHAT-RHSA-2012:1268
• REDHAT-RHSA-2012:1365

Solution

Related Vulnerabilities

• SUSE Linux Security Vulnerability: CVE-2012-4244
• ELSA-2012-1365 Important: Oracle Linux bind security update
• ELSA-2013-0550 Moderate: Oracle Linux bind security and enhancement update
• RHSA-2012:1266: bind97 security update
• VMSA-2013-0001: Update to ESX service console bind packages (CVE-2012-4244)
• RHSA-2012:1268: bind security update
• OS X update for Bind (CVE-2012-4244)
• ELSA-2012-1266 Important: Oracle Linux bind97 security update
• F5 Networks: K14201 (CVE-2012-4244): BIND denial-of-service attack CVE-2012-5166/CVE-2012-4244
• DSA-2547-1 bind9 -- improper assert
• USN-1566-1: Bind vulnerability
• RHSA-2012:1365: bind security update
• ELSA-2012-1267 Important: Oracle Linux bind security and bug fix update
• Sun Patch: SunOS 5.10: BIND patch
• ELSA-2012-1268 Important: Oracle Linux bind security update
• Sun Patch: SunOS 5.9: in.dhcpd libresolv and BIND9 patch
• Oracle Solaris 11: CVE-2012-4244: Vulnerability in BIND
• Sun Patch: SunOS 5.10_x86: BIND patch
• Gentoo Linux: CVE-2012-4244: BIND: Multiple vulnerabilities
• ISC BIND: A specially crafted Resource Record could cause named to terminate (CVE-2012-4244)
• FreeBSD: FreeBSD -- Multiple Denial of Service vulnerabilities with named(8) (FreeBSD-SA-12:06.bind) (Multiple CVEs)
• ELSA-2014-1984 Important: Oracle Linux bind security update
• Alpine Linux: CVE-2012-4244: Vulnerability in bind 9.7.x, 9.8.x, 9.9.1 allow remote denial of service
• Amazon Linux AMI: Security patch for bind (ALAS-2012-124) (CVE-2012-4244)
• Sun Patch: SunOS 5.9_x86: in.dhcpd libresolv and BIND9 patch
• OS X update for Apache (CVE-2012-4244)
• RHSA-2012:1267: bind security and bug fix update