BIND 9.6.1-P3 Vulnerabilities
Cathy Almond
cathya at isc.org
Thu Jul 14 09:03:15 UTC 2011
On 07/06/11 16:21, Borgia, Joe A CTR USAF AFMC AFRL/RIOS wrote:
> BIND 9.6.1-P3 seems to be a somewhat old release of BIND, and yet, I can
> find no vulnerabilities listed on the ISC Security Advisories pages. Am
> I missing something?
Yes. :-(
https://www.isc.org/software/bind/security/matrix
CVE-2010-3614 - Key algorithm rollover bug in BIND 9
CVE-2010-3613 - cache incorrectly allows an ncache entry and an RRSIG
for the same type
https://www.isc.org/software/bind/advisories/cve-2010-3614
https://www.isc.org/software/bind/advisories/cve-2010-3613
If you did a website search for 9.6.1-P3, you wouldn't have found these
two because the "Versions affected:" lists a range.
We're trying to list all versions explicitly in newer advisories to make
things a bit clearer - but if a problem affects all BIND9 versions, that
makes it a bit challenging!
We're also pondering on how to make the matrix more readable/useful
without losing the detail that we think people want/need - possibly by
splitting it into several (e.g. 9.8 versions, 9.7 versions and so on).
Hope this helps anyway.
More information about the bind-users
mailing list