ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
References
Link | Resource |
---|---|
https://kb.isc.org/article/AA-00855/ | Vendor Advisory |
http://www.isc.org/software/bind/advisories/cve-2012-5689 | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0550.html | Third Party Advisory |
http://www.ubuntu.com/usn/USN-2693-1 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2013-01-25 04:00
Updated : 2016-08-19 11:31
NVD link : CVE-2012-5689
Mitre link : CVE-2012-5689
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_hpc_node
- enterprise_linux_server_aus
- enterprise_linux_workstation
- enterprise_linux_server_eus
- enterprise_linux_server
canonical
- ubuntu_linux
isc
- bind