CVE-2005-0034 - An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enab

CVE-2005-0034

Summary

An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	12365
cert-vn	VU#938617
confirm	http://www.isc.org/index.pl?/sw/bind/bind-security.php http://www.isc.org/index.pl?/sw/bind/bind9.php
misc	http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html
sectrack	1012995
secunia	14008
trustix	2005-0003
xf	bind-named-dns-dos(19062)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32