CVE Database

CVE-2012-1667

Impact: Important
Public: 2012-06-04
Bugzilla: 828078: CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly
IAVA: 2012-A-0189

Details

The MITRE CVE dictionary describes this issue as:

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

Find out more about CVE-2012-1667 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.4
Base Metrics: AV:N/AC:L/Au:N/C:P/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform | Errata | Release Date
Red Hat Enterprise Linux ES (v. 4 ELS) (bind) | RHSA-2012:1110 | July 23, 2012
Red Hat Enterprise Linux version 5 (bind) | RHSA-2012:0716 | June 07, 2012
Red Hat Enterprise Linux version 5 (bind97) | RHSA-2012:0717 | June 07, 2012
Red Hat Enterprise Linux version 6 (bind) | RHSA-2012:0716 | June 07, 2012

External References

http://www.isc.org/software/bind/advisories/cve-2012-1667

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.