Public Date:
658977: CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure

The MITRE CVE dictionary describes this issue as:

named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.

Find out more about CVE-2010-3614 from the MITRE CVE dictionary dictionary and NIST NVD.


The Red Hat Security Response Team has rated this issue as having low security impact. Because the version of bind in Red Hat Enterprise Linux 4 does not implement support for the currently-used DNSSEC protocol version, there is no plan to address this flaw there. It has been addressed in Red Hat Enterprise Linux 5 (via RHSA-2010:0975) and Red Hat Enterprise Linux 6 (via RHSA-2010:0976).

CVSS v2 metrics

Base Score 5
Base Metrics AV:N/AC:L/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (bind) RHSA-2010:0975 2010-12-13
Red Hat Enterprise Linux 5 (bind) RHSA-2010:0976 2010-12-13

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 bind97 Affected
Red Hat Enterprise Linux 4 bind Affected
Red Hat Enterprise Linux 3 bind Will not fix


Last Modified

CVE description copyright © 2017, The MITRE Corporation