CVE-2012-3817

Published: 25 July 2012

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.

Priority

Status

Package	Release	Status
bind9 Launchpad, Ubuntu, Debian	hardy	Not vulnerable (code not present)
	lucid	Released (1:9.7.0.dfsg.P1-1ubuntu0.6)
	natty	Released (1:9.7.3.dfsg-1ubuntu2.5)
	oneiric	Released (1:9.7.3.dfsg-1ubuntu4.3)
	precise	Released (1:9.8.1.dfsg.P1-4ubuntu0.2)
	upstream	Needs triage

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
https://kb.isc.org/article/AA-00729
https://ubuntu.com/security/notices/USN-1518-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›