|Bugzilla:||658977: CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure|
The MITRE CVE dictionary describes this issue as:
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
The Red Hat Security Response Team has rated this issue as having low security impact. Because the version of bind in Red Hat Enterprise Linux 4 does not implement support for the currently-used DNSSEC protocol version, there is no plan to address this flaw there. It has been addressed in Red Hat Enterprise Linux 5 (via RHSA-2010:0975) and Red Hat Enterprise Linux 6 (via RHSA-2010:0976).
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 5 (bind)||RHSA-2010:0976||December 13, 2010|
|Red Hat Enterprise Linux version 6 (bind)||RHSA-2010:0975||December 13, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.