4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.965 High
EPSS
Percentile
99.6%
CentOS Errata and Security Advisory CESA-2009:1179
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A flaw was found in the way BIND handles dynamic update message packets
containing the βANYβ record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)
Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.
All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-July/078214.html
https://lists.centos.org/pipermail/centos-announce/2009-July/078215.html
https://lists.centos.org/pipermail/centos-announce/2009-July/090971.html
https://lists.centos.org/pipermail/centos-announce/2009-July/090972.html
Affected packages:
bind
bind-chroot
bind-devel
bind-libbind-devel
bind-libs
bind-sdb
bind-utils
caching-nameserver
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1179
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | bind | <Β 9.3.4-10.P1.el5_3.2 | bind-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind-chroot | <Β 9.3.4-10.P1.el5_3.2 | bind-chroot-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind-devel | <Β 9.3.4-10.P1.el5_3.2 | bind-devel-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind-libbind-devel | <Β 9.3.4-10.P1.el5_3.2 | bind-libbind-devel-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind-libs | <Β 9.3.4-10.P1.el5_3.2 | bind-libs-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind-sdb | <Β 9.3.4-10.P1.el5_3.2 | bind-sdb-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind-utils | <Β 9.3.4-10.P1.el5_3.2 | bind-utils-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | caching-nameserver | <Β 9.3.4-10.P1.el5_3.2 | caching-nameserver-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind | <Β 9.3.4-10.P1.el5_3.2 | bind-9.3.4-10.P1.el5_3.2.i386.rpm |
CentOS | 5 | i386 | bind-chroot | <Β 9.3.4-10.P1.el5_3.2 | bind-chroot-9.3.4-10.P1.el5_3.2.i386.rpm |