FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1667

This CVE name corresponds to:

Entered Topic
2012-06-27 FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8)
2012-06-04 dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-1667 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-1667
Phase Assigned(20120315)

Description

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

References

Source Reference
CONFIRM http://www.isc.org/software/bind/advisories/cve-2012-1667
CONFIRM https://kb.isc.org/article/AA-00698
CONFIRM http://support.apple.com/kb/HT5501
APPLE APPLE-SA-2012-09-19-2
HP HPSBUX02795
HP SSRT100878
MANDRIVA MDVSA-2012:089
REDHAT RHSA-2012:1110
SLACKWARE SSA:2012-341-01
SECUNIA 51096

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.