Red Hat Customer Portal

CVE-2014-0591

A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

Details Source

Red Hat

Statement

This issue does not affect the versions of bind and bind97 as shipped with Red Hat Enterprise Linux 5. For a technical explanation please see https://bugzilla.redhat.com/show_bug.cgi?id=1051717#c25

Public Date

2014-01-13 00:00:00

Impact

Moderate

Bugzilla

CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones

Bugzilla ID

1051717

CVSS Status

verified

Base Score

2.60

Base Metrics

AV:N/AC:H/Au:N/C:N/I:N/A:P

External References

https://kb.isc.org/article/AA-01078/0
https://kb.isc.org/article/AA-01085

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 5 (bind97) | RHSA-2014:1244 | 2014-09-16
Red Hat Enterprise Linux 6 (bind) | RHSA-2014:0043 | 2014-01-20

CWE

CWE-227

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 7 | bind | Not affected
Red Hat Enterprise Linux 5 | bind | Not affected