CVE Database


Impact: Low
Public: 2010-12-01
Bugzilla: 658977: CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure


The MITRE CVE dictionary describes this issue as:

named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.

Find out more about CVE-2010-3614 from the MITRE CVE dictionary and NIST NVD.


The Red Hat Security Response Team has rated this issue as having low security impact. Because the version of bind in Red Hat Enterprise Linux 4 does not implement support for the currently-used DNSSEC protocol version, there is no plan to address this flaw there. It has been addressed in Red Hat Enterprise Linux 5 (via RHSA-2010:0975) and Red Hat Enterprise Linux 6 (via RHSA-2010:0976).

CVSS v2 metrics

Base Score: 5.0
Base Metrics: AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux version 5 (bind) RHSA-2010:0976 December 13, 2010
Red Hat Enterprise Linux version 6 (bind) RHSA-2010:0975 December 13, 2010

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.