{"vuid":"VU#837744","idnumber":"837744","name":"ISC BIND named validator vulnerability","keywords":["isc","bind","named"],"overview":"ISC BIND named contains a vulnerability where under certain situations it could incorrectly mark zone data as insecure.","clean_desc":"According to ISC: named, acting as a DNSSEC validator, was determining if an NS RRset is insecure based on a value that could mean either that the RRset is actually insecure or that there wasn't a matching key for the RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY RRset. This can happen when in the middle of a DNSKEY algorithm rollover, when two different algorithms were used to sign a zone but only the new set of keys are in the zone DNSKEY RRset.","impact":"Answers are marked incorrectly as insecure.","resolution":"Apply an update. Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors. This vulnerability is addressed in ISC BIND versions 9.4-ESV-R4, 9.6.2-P3 or 9.6-ESV-R3, and 9.7.2-P3. Users of BIND from the original source distribution should upgrade to one of these versions, as appropriate. See also https://www.isc.org/software/bind/advisories/cve-2010-3614","workarounds":"","sysaffected":"","thanks":"Thanks to Internet Systems Consortium for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["https://www.isc.org/software/bind/advisories/cve-2010-3614","http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories"],"cveids":["CVE-2010-3614"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-11-04T04:00:00Z","publicdate":"2010-12-01T00:00:00Z","datefirstpublished":"2010-12-01T21:33:25Z","dateupdated":"2010-12-01T21:33:26Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"19","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"7.65","cam_scorecurrentwidelyknown":"8.775","cam_scorecurrentwidelyknownexploited":"13.275","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.65,"vulnote":null}