CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS: 0.061 Low
Percentile: 93.4%
A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC).
BIND version 9.4.0 contains a vulnerability in the way that the `query_addsoa()` function is called. A remote attacker with the ability to send a specific sequence of queries to a vulnerable system can cause the nameserver to exit. Note that recursion must be enabled on the nameserver for this vulnerability to be exposed.
A remote attacker may be able to cause the name server daemon to exit prematurely, thereby causing a denial of service for DNS operations.
Upgrade
Users who compile their own copies of the affected version of BIND (9.4.0) from the original ISC source code are encouraged to upgrade to BIND version 9.4.1 (or later), which includes a patch for this issue.
Workarounds
Disable Recursion
Users, particularly those who are not able to upgrade, are encouraged to disable recursion (`recursion no;` set in `named.conf`) if it is not required by their configuration.
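The two conditions the advisory names (BIND 9.4.0 and recursion enabled) can be checked together. The following is an added example, not code from the advisory or from ISC: it takes a version banner such as the one `named -v` prints and the text of a single `named.conf`, and reports whether both conditions hold. The function names and sample configurations are constructed for illustration, and `include` files are not followed.

```python
import re

AFFECTED_VERSION = "9.4.0"  # the only release the advisory lists as affected
ENABLED = {"yes", "true", "1"}  # named.conf boolean spellings for "on"

def strip_comments(conf):
    """Drop the comment styles named.conf accepts: /* */, // and #.
    Simplification: markers inside quoted strings are not handled."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def recursion_settings(conf):
    """Return each explicit 'recursion <bool>;' value (options or views).
    The lookbehind keeps allow-recursion from being mistaken for it."""
    pattern = r"(?<![-\w])recursion\s+(\w+)\s*;"
    return [v.lower() for v in re.findall(pattern, strip_comments(conf))]

def exposed(version_banner, conf):
    """True when the banner is exactly 9.4.0 and recursion is not turned off."""
    m = re.search(r"(\d+\.\d+\.\d+)(?![\w.-])", version_banner)
    if not m or m.group(1) != AFFECTED_VERSION:
        return False
    settings = recursion_settings(conf)
    # named recurses by default, so no statement at all counts as enabled.
    return not settings or any(v in ENABLED for v in settings)

# Constructed sample inputs, not taken from any real host.
CONF_DEFAULT = 'options { directory "/var/named"; };'
CONF_HARDENED = """
options {
    directory "/var/named";
    // recursion yes;   (old setting, commented out)
    recursion no;
    allow-recursion { none; };
};
"""

if __name__ == "__main__":
    for name, conf in (("default", CONF_DEFAULT), ("hardened", CONF_HARDENED)):
        print(name, exposed("BIND 9.4.0", conf))
```

A configuration with no `recursion` statement is reported as exposed because recursion is on by default; a view that re-enables recursion also counts.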
718460
Notified: April 30, 2007 Updated: May 02, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
ISC has published BIND version 9.4.1 to address this vulnerability. Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to this version (or later) of the software.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23718460 Feedback>).
Notified: May 02, 2007 Updated: May 15, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Mandriva has published Mandriva Security Advisory MDKSA-2007:100 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: May 02, 2007 Updated: July 03, 2007
Affected
No formal NetBSD release included BIND 9.4.0. However 9.4.0 was in CVS HEAD sources for a little while before being updated to 9.4.1. We have sent out a short note to anyone who might be running with 9.4.0:
<http://mail-index.netbsd.org/current-users/2007/07/01/0010.html>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 02, 2007 Updated: May 15, 2007
Not Affected
Please list Apple as not vulnerable to VU#718460. We do not currently ship BIND 9.4.0 in our products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 02, 2007 Updated: May 09, 2007
Not Affected
Our development team has reviewed this information and determined that there is no impact on NetWare and OES Linux DNS Servers.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 02, 2007 Updated: May 09, 2007
Not Affected
Openwall GNU/*/Linux is not affected. We currently use BIND 9.3.4, not
the affected version 9.4.0.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 02, 2007 Updated: May 03, 2007
Not Affected
The newest version of BIND in any Slackware distribution is 9.3.4, so we are not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 02, 2007 Updated: May 15, 2007
Not Affected
This is to inform you that Sun Solaris is not affected by this issue since we
do not ship any of the BIND releases that are vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 02, 2007 Updated: May 03, 2007
Not Affected
Ubuntu is unaffected. None of our releases contain BIND 9.4.0.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 02, 2007 Updated: May 02, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Thanks to Mark Andrews of the Internet Systems Consortium (ISC) for reporting this vulnerability.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2007-2241 |
---|---|
Severity Metric: | 6.90 |
Date Public: | |