Univention Bugzilla – Bug 28106
bind9: Denial of service (3.0)
Last modified: 2019-04-11 19:23:16 CEST
CVE-2012-3817 Große Mengen von DNSSEC-Validierungsanfragen können zu DoS durch ein fehlerhaftes assert() führen. Da DNSSEC in UCS nicht direkt unterstützt wird, nur geringe Priorität.
\item Ein zu striktes assert() erlaubt Denial of Service gegen rekursive Nameserver (CVE-2012-4244)
\item Denial of Service im Handling von RDATA-Records (CVE-2012-5166)
Eine weitere für UCS harmlose Lücke (die betroffene Option ist in der UCS-Konfiguration nicht aktiviert): DoS in der Verarbeitung von DNS64-Paketen (CVE-2012-5688) 2.4 ist nicht betroffen.
Denial of Service in the DNS64 implementation (CVE-2012-5689) The Bind version in UCS 2.4 is not affected.
DoS through memory consumption in libdns (CVE-2013-2494) (the version from UCS 2.4 is not affected)
(In reply to comment #5) > DoS through memory consumption in libdns (CVE-2013-2494) (the version from UCS > 2.4 is not affected) CVE-2013-2494 is for isc-dhcp (which is not affected in the version (< 4.2) in UCS) This issue for bind9 is CVE-2013-2266
The maintenance with bug and security fixes for UCS 3.0-x has ended on 30th June 2013. The maintenance of the UCS 3.x major series is continued by UCS 3.1-x that is supplied with bug and security fixes. Customers still on UCS 3.0-x are encouraged to update to UCS 3.1 that contains, among other things, Linux Kernel 3.2, Univention App Center, an update of Samba 3 and Samba 4, support for Microsoft Windows 2012 and Windows 8. Please contact your partner or Univention for any questions.