CVE Database

CVE-2014-0591

Impact: Moderate
Public: 2014-01-13
CWE: CWE-227
Bugzilla: 1051717: CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones
IAVA: 2014-A-0086

Details

A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

Find out more about CVE-2014-0591 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does not affect the versions of bind and bind97 as shipped with Red Hat Enterprise Linux 5. For a technical explanation, please see https://bugzilla.redhat.com/show_bug.cgi?id=1051717#c25

CVSS v2 metrics

Base Score: 2.6
Base Metrics: AV:N/AC:H/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform                                       Errata            Release Date
Red Hat Enterprise Linux version 5 (bind97)    RHSA-2014:1244    September 16, 2014
Red Hat Enterprise Linux version 6 (bind)      RHSA-2014:0043    January 20, 2014

External References

https://kb.isc.org/article/AA-01078/0

https://kb.isc.org/article/AA-01085

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.