Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3581

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-3581
Last Modified 12 Mar 2012 12:00:00
Published 04 Nov 2011 05:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3581

Summary

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.

Vulnerable Systems

Application

  • Nlnetlabs Ldns 0.50

  • Nlnetlabs Ldns 0.60

  • Nlnetlabs Ldns 0.65

  • Nlnetlabs Ldns 0.66

  • Nlnetlabs Ldns 0.70

  • Nlnetlabs Ldns 1.0.0

  • Nlnetlabs Ldns 1.1.0

  • Nlnetlabs Ldns 1.2.0

  • Nlnetlabs Ldns 1.2.1

  • Nlnetlabs Ldns 1.2.2

  • Nlnetlabs Ldns 1.3

  • Nlnetlabs Ldns 1.4.0

  • Nlnetlabs Ldns 1.4.1

  • Nlnetlabs Ldns 1.5.0

  • Nlnetlabs Ldns 1.5.1

  • Nlnetlabs Ldns 1.6.0

  • Nlnetlabs Ldns 1.6.1

  • Nlnetlabs Ldns 1.6.10

  • Nlnetlabs Ldns 1.6.2

  • Nlnetlabs Ldns 1.6.3

  • Nlnetlabs Ldns 1.6.4

  • Nlnetlabs Ldns 1.6.5

  • Nlnetlabs Ldns 1.6.6

  • Nlnetlabs Ldns 1.6.7

  • Nlnetlabs Ldns 1.6.8

  • Nlnetlabs Ldns 1.6.9


References

CONFIRM - http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403

SECUNIA - 46476

SECUNIA - 46470

MLIST - [oss-security] 20110930 Re: CVE request: heap-based buffer overflow in ldns

MLIST - [oss-security] 20110924 CVE request: heap-based buffer overflow in ldns

CONFIRM - http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog

SUSE - openSUSE-SU-2011:1161

FEDORA - FEDORA-2011-13929

FEDORA - FEDORA-2011-13915

FEDORA - FEDORA-2011-13895


Last Updated: 27 May 2016 10:57:44