The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
Published : 2014-12-11 02:59 Updated : 2019-07-30 18:15
CVSS Score More info
Score 5.4 / 10
A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.
Specialized access conditions exist. For example:
- In most configurations, the attacking party must already have elevated privileges or spoof additional systems in addition to the attacking system (e.g., DNS hijacking). The attack depends on social engineering methods that would be easily detected by knowledgeable people. For example, the victim must perform several suspicious or atypical actions.
- The vulnerable configuration is seen very rarely in practice.
- If a race condition exists, the window is very narrow.
Authentication is not required to exploit the vulnerability.
|CWE-20||Improper Input Validation||The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.||CVE|
|CWE-284||Improper Access Control||The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.||CVE|