製品・ソフトウェアに関する情報

JVN脆弱性詳細

BIND におけるサービス運用妨害 (DoS) の脆弱性

Title	BIND におけるサービス運用妨害 (DoS) の脆弱性
Summary	BIND には、recursive validating サーバにおいて、静的に設定される、または DNSSEC Lookaside Validation (DLV) を経由するトラストアンカーを保持する際の処理に不備があるため、サービス運用妨害 (DoS) となる脆弱性が存在します。
Possible impacts	第三者により、キャッシュに存在しない RRSIG レコードのクエリを介して、権威サーバへ RRSIG クエリを繰り返し送信されることにより、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 15, 2010, midnight
Registration Date	Aug. 11, 2010, 6:30 p.m.
Last Update	Aug. 11, 2010, 6:30 p.m.

Affected System

ISC, Inc.

BIND 9.7.1

BIND 9.7.1-P1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0213	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0213
ISC BIND
2	CVE-2010-0213	https://www.isc.org/software/bind/advisories/cve-2010-0213
National Vulnerability Database (NVD)
3	CVE-2010-0213	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0213

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

その他

No	Name	URL
Secunia Advisory
1	SA40652	http://secunia.com/advisories/40652
SecurityFocus
2	41730	http://www.securityfocus.com/bid/41730
SecurityTracker
3	102417	http://www.securitytracker.com/id?1024217
VUPEN Security
4	VUPEN/ADV-2010-1831	http://www.vupen.com/english/advisories/2010/1831

Change Log

No	Changed Details	Date of change
0	[2010年08月11日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-0213

Summary	BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers.
Publication Date	July 28, 2010, 9:48 p.m.
Registration Date	Jan. 29, 2021, 10:56 a.m.
Last Update	Nov. 21, 2024, 10:11 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html
3	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
4	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
5	http://secunia.com/advisories/40652	Vendor Advisory
6	http://secunia.com/advisories/40652	Vendor Advisory
7	http://secunia.com/advisories/40709	Vendor Advisory
8	http://secunia.com/advisories/40709	Vendor Advisory
9	http://www.isc.org/software/bind/advisories/cve-2010-0213	Vendor Advisory
10	http://www.isc.org/software/bind/advisories/cve-2010-0213	Vendor Advisory
11	http://www.kb.cert.org/vuls/id/211905	US Government Resource
12	http://www.kb.cert.org/vuls/id/211905	US Government Resource
13	http://www.securityfocus.com/bid/41730
14	http://www.securityfocus.com/bid/41730
15	http://www.securitytracker.com/id?1024217
16	http://www.securitytracker.com/id?1024217
17	http://www.vupen.com/english/advisories/2010/1884	Vendor Advisory
18	http://www.vupen.com/english/advisories/2010/1884	Vendor Advisory

Common Vulnerabilities List