VMSA-2012-0016: Update to ESX service console bind packages (CVE-2012-3817)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | July 25, 2012 | November 22, 2012 | February 13, 2015 |
Description
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
vmware-esx41-upgrade-874690Related Vulnerabilities
- HP-UX: CVE-2012-3817: Running BIND, Remote Denial of Service (DoS), Authentication Bypass
- USN-1518-1: Bind vulnerability
- ELSA-2013-0550 Moderate: Oracle Linux bind security and enhancement update
- ELSA-2012-1123 Important: Oracle Linux bind security update
- FreeBSD: dns/bind9* -- Heavy DNSSEC Validation Load Can Cause a 'Bad Cache' Assertion Failure (CVE-2012-3817)
- Amazon Linux AMI: Security patch for bind (ALAS-2012-113) (CVE-2012-3817)
- Alpine Linux: CVE-2012-3817: Vulnerability in bind < [9.9.1-P2|9.8.3-P2|9.7.6-P2] may allow remote denial of service
- FreeBSD: FreeBSD -- named(8) DNSSEC validation Denial of Service (FreeBSD-SA-12:05.bind) (CVE-2012-3817)
- Gentoo Linux: CVE-2012-3817: BIND: Multiple vulnerabilities
- DSA-2517-1 bind9 -- denial of service
- Sun Patch: SunOS 5.10: BIND patch
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- Sun Patch: SunOS 5.9: in.dhcpd libresolv and BIND9 patch
- SUSE Linux Security Vulnerability: CVE-2012-3817
- RHSA-2012:1123: bind security update
- ELSA-2012-1122 Important: Oracle Linux bind97 security update
- Sun Patch: SunOS 5.10_x86: BIND patch
- Oracle Solaris 11: CVE-2012-3817: Vulnerability in Bind
- OS X update for Bind (CVE-2012-3817)
- ELSA-2014-1984 Important: Oracle Linux bind security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 3
- RHSA-2012:1122: bind97 security update
- OS X update for Apache (CVE-2012-3817)
- Sun Patch: SunOS 5.9_x86: in.dhcpd libresolv and BIND9 patch
- ISC BIND: Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure in BIND9 (CVE-2012-3817)