Lucene search

K

[email protected]CVE-2009-0696

HistoryJul 29, 2009 - 5:30 p.m.

CVE-2009-0696

2009-07-2917:30:00

CWE-16

[email protected]

web.nvd.nist.gov

232

cve-2009-0696

isc bind

denial of service attack

dns security

vulnerability

nvd

dynamic update message

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.6%

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

CPENameOperatorVersion
isc:bindisc bindeq9.5.0
isc:bindisc bindeq9.4.3
isc:bindisc bindeq9.6
isc:bindisc bindeq9.4.0
isc:bindisc bindeq9.5
isc:bindisc bindeq9.6.1
isc:bindisc bindeq9.4.1
isc:bindisc bindeq9.6.0
isc:bindisc bindeq9.4
isc:bindisc bindeq9.4.2

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc

ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt

aix.software.ibm.com/aix/efixes/security/bind_advisory.asc

bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975

secunia.com/advisories/36035

secunia.com/advisories/36038

secunia.com/advisories/36050

secunia.com/advisories/36053

secunia.com/advisories/36056

secunia.com/advisories/36063

secunia.com/advisories/36086

secunia.com/advisories/36098

secunia.com/advisories/36192

secunia.com/advisories/37471

secunia.com/advisories/39334

sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1

up2date.astaro.com/2009/08/up2date_7505_released.html

wiki.rpath.com/Advisories:rPSA-2009-0113

www.kb.cert.org/vuls/id/725188

www.openbsd.org/errata44.html#014_bind

www.securityfocus.com/archive/1/505403/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securitytracker.com/id?1022613

www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499

www.ubuntu.com/usn/usn-808-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/2036

www.vupen.com/english/advisories/2009/2088

www.vupen.com/english/advisories/2009/2171

www.vupen.com/english/advisories/2009/2247

www.vupen.com/english/advisories/2009/3316

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806

www.isc.org/node/474

www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html

4.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.6%