BIND 9.6.1-P3 Vulnerabilities

Cathy Almond cathya at
Thu Jul 14 09:03:15 UTC 2011

On 07/06/11 16:21, Borgia, Joe A CTR USAF AFMC AFRL/RIOS wrote:
> BIND 9.6.1-P3 seems to be a somewhat old release of BIND, and yet, I can
> find no vulnerabilities listed on the ISC Security Advisories pages. Am
> I missing something?

Yes. :-(
CVE-2010-3614 - Key algorithm rollover bug in BIND 9
CVE-2010-3613 - cache incorrectly allows an ncache entry and an RRSIG
for the same type

If you did a website search for 9.6.1-P3, you wouldn't have found these
two because the "Versions affected:" lists a range.

We're trying to list all versions explicitly in newer advisories to make
things a bit clearer - but if a problem affects all BIND9 versions, that
makes it a bit challenging!

We're also pondering on how to make the matrix more readable/useful
without losing the detail that we think people want/need - possibly by
splitting it into several (e.g. 9.8 versions, 9.7 versions and so on).

Hope this helps anyway.

More information about the bind-users mailing list