Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-1033
Last Modified: 03 Jan 2013 11:36:23
Published: 08 Feb 2012 03:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-1033

Summary

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

Vulnerable Systems

Application

  • ISC BIND 9.0
  • ISC BIND 9.0.1
  • ISC BIND 9.1
  • ISC BIND 9.1.1
  • ISC BIND 9.1.2
  • ISC BIND 9.1.3
  • ISC BIND 9.2
  • ISC BIND 9.2.0
  • ISC BIND 9.2.1
  • ISC BIND 9.2.2
  • ISC BIND 9.2.3
  • ISC BIND 9.2.4
  • ISC BIND 9.2.5
  • ISC BIND 9.2.6
  • ISC BIND 9.2.7
  • ISC BIND 9.3
  • ISC BIND 9.3.0
  • ISC BIND 9.3.1
  • ISC BIND 9.3.2
  • ISC BIND 9.3.3
  • ISC BIND 9.4
  • ISC BIND 9.4.0
  • ISC BIND 9.4.0a1
  • ISC BIND 9.4.0a2
  • ISC BIND 9.4.0a3
  • ISC BIND 9.4.0a4
  • ISC BIND 9.4.0a5
  • ISC BIND 9.4.0a6
  • ISC BIND 9.4.0b1
  • ISC BIND 9.4.0b2
  • ISC BIND 9.4.0b3
  • ISC BIND 9.4.0b4
  • ISC BIND 9.4.1
  • ISC BIND 9.4.2
  • ISC BIND 9.4.3
  • ISC BIND 9.4.3b1
  • ISC BIND 9.4.3b2
  • ISC BIND 9.4.3b3
  • ISC BIND 9.5
  • ISC BIND 9.5.0
  • ISC BIND 9.5.0-p1
  • ISC BIND 9.5.0-p2
  • ISC BIND 9.5.0-p2-w1
  • ISC BIND 9.5.0-p2-w2
  • ISC BIND 9.5.0a1
  • ISC BIND 9.5.0a2
  • ISC BIND 9.5.0a3
  • ISC BIND 9.5.0a4
  • ISC BIND 9.5.0a5
  • ISC BIND 9.5.0a6
  • ISC BIND 9.5.0a7
  • ISC BIND 9.5.0b1
  • ISC BIND 9.5.0b2
  • ISC BIND 9.5.0b3
  • ISC BIND 9.5.1
  • ISC BIND 9.5.1b1
  • ISC BIND 9.5.1b2
  • ISC BIND 9.5.1b3
  • ISC BIND 9.6.0
  • ISC BIND 9.6.0a1
  • ISC BIND 9.6.0b1
  • ISC BIND 9.7.0
  • ISC BIND 9.7.1
  • ISC BIND 9.7.2
  • ISC BIND 9.7.3
  • ISC BIND 9.7.4
  • ISC BIND 9.7.4b1
  • ISC BIND 9.8.0
  • ISC BIND 9.8.1


References

CONFIRM - https://www.isc.org/software/bind/advisories/cve-2012-1033

CERT-VN - VU#542123

XF - isc-bind-update-sec-bypass(73053)

SECTRACK - 1026647

BID - 51898

SECUNIA - 47884

OSVDB - 78916

SUSE - openSUSE-SU-2012:0864

SUSE - openSUSE-SU-2012:0863

HP - HPSBUX02835

HP - SSRT100763

Related Patches

Red Hat 2012:0716-01 RHSA Important: bind security update for RHEL 5 x86

Red Hat 2012:0716-01 RHSA Important: bind security update for RHEL 5 x86_64

Red Hat 2012:0717-01 RHSA Important: bind97 security update for RHEL 5 x86

Red Hat 2012:0717-01 RHSA Important: bind97 security update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:58:12