CVE-2012-1033 — Bind vulnerability

9 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
1.9%
top 16.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ISC Bind9ISC Bind
Timeline
PublishedFeb 8
Latest updateMay 14

Description

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

â–¶Debianisc/bind9< 1:9.8.1.dfsg.P1-4.1+3
â–¶NVDisc/bind36 versions+35

🔴Vulnerability Details

3
GHSA
GHSA-g63p-j554-jxp4: The resolver in ISC BIND 9 through 9↗2022-05-14
â–¶
OSV
CVE-2012-1033: The resolver in ISC BIND 9 through 9↗2012-02-08
â–¶
CVEList
CVE-2012-1033: The resolver in ISC BIND 9 through 9↗2012-02-08
â–¶

💥Exploits & PoCs

1
Exploit-DB
NetSarang Xlpd Printer Daemon 4 - Denial of Service↗2012-02-02
â–¶

📋Vendor Advisories

3
Ubuntu
Bind vulnerabilities↗2012-06-05
â–¶
Red Hat
bind: deleted domain name resolving flaw↗2012-02-07
â–¶
Debian
CVE-2012-1033: bind9 - The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and T...↗2012
â–¶

💬Community

1
Bugzilla
CVE-2012-1033 bind: deleted domain name resolving flaw↗2012-02-08
â–¶
CVE-2012-1033 — ISC Bind vulnerability | cvebase