CVE-2011-0414
Advisory lineage: Upstream: 0, Downstream: 3
Modified
Published: 23 Feb 2011, 18:00
Last modified: 06 Aug 2024, 21:51
Vulnerability Summary
- Overall Risk (default): medium, 29/100
- CVSS Score: 7.1 HIGH, v2.0 (nvd)
- EPSS Score: 4.54% LOW (5% probability -1.45%)
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 23 Feb 2011, 18:00: Published. Vulnerability first disclosed
- 06 Aug 2024, 21:51: Last Modified. Vulnerability information updated
Description
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
CVSS Metrics
- v2.0 • HIGH • Score: 7.1 • AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 4.54% • Percentile: 89%
Techniques & Countermeasures
- CWE-399 • Resource Management Errors: Weaknesses in this category are related to improper management of system resources.
Affected Systems
- isc • bind: 9.7.1 | 9.7.1:p1 | 9.7.1:p2 | 9.7.1:rc1 | 9.7.2 | 9.7.2:p1 | 9.7.2:p2 | 9.7.2:p3 | 9.7.2:rc1
References (12)
- http://www.kb.cert.org/vuls/id/449980
- http://www.vupen.com/english/advisories/2011/0489
- http://www.isc.org/software/bind/advisories/cve-2011-0414
- http://www.securitytracker.com/id?1025110
- https://bugzilla.redhat.com/show_bug.cgi?id=679496
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- http://www.kb.cert.org/vuls/id/559980
- http://secunia.com/advisories/43443
- http://www.debian.org/security/2011/dsa-2208
- http://www.vupen.com/english/advisories/2011/0466
- http://secunia.com/advisories/43439
- http://www.ubuntu.com/usn/USN-1070-1