Think you have a false positive on this rule?

Sid 1-19125

Message

PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt

Summary

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.

Impact

CVSS base score 5.0 CVSS impact score 2.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2011-1910:

CVSS base score 5.0

CVSS impact score 2.9

CVSS exploitability score 10.0

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2011-1910: Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.

Affected systems

  • isc bind 9.0
  • isc bind 9.0.0
  • isc bind 9.0.1
  • isc bind 9.1
  • isc bind 9.1.0
  • isc bind 9.1.1
  • isc bind 9.1.2
  • isc bind 9.1.3
  • isc bind 9.2
  • isc bind 9.2.0
  • isc bind 9.2.1
  • isc bind 9.2.2
  • isc bind 9.2.3
  • isc bind 9.2.4
  • isc bind 9.2.5
  • isc bind 9.2.6
  • isc bind 9.2.7
  • isc bind 9.2.8
  • isc bind 9.2.9
  • isc bind 9.3
  • isc bind 9.3.0
  • isc bind 9.3.1
  • isc bind 9.3.2
  • isc bind 9.3.3
  • isc bind 9.3.4
  • isc bind 9.3.5
  • isc bind 9.3.6
  • isc bind 9.4
  • isc bind 9.4.0
  • isc bind 9.4.1
  • isc bind 9.4.2
  • isc bind 9.4.3
  • isc bind 9.5
  • isc bind 9.5.0
  • isc bind 9.5.1
  • isc bind 9.5.2
  • isc bind 9.5.3
  • isc bind 9.6
  • isc bind 9.6.0
  • isc bind 9.6.1
  • isc bind 9.6.2
  • isc bind 9.6.3
  • isc bind 9.7.0
  • isc bind 9.7.1
  • isc bind 9.7.2
  • isc bind 9.7.3
  • isc bind 9.8.0

Ease of attack

CVE-2011-1910:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References