CVE-2011-0414

Publication date 22 February 2011

Last updated 24 July 2024

Ubuntu priority

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bind9	10.10 maverick	Fixed 1:9.7.1.dfsg.P2-2ubuntu0.2
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the wrong lock which could lead to server deadlock. [RT #22614] 9.7.1 and later only

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1070-1
Bind vulnerability
23 February 2011

Other references

https://www.isc.org/software/bind/advisories/cve-2011-0414
https://www.cve.org/CVERecord?id=CVE-2011-0414