CVE-2007-0494
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.971 High
EPSS
Percentile
99.8%
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the “DNSSEC Validation” vulnerability.
Affected configurations
References
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
docs.info.apple.com/article.html?artnum=305530
fedoranews.org/cms/node/2507
fedoranews.org/cms/node/2537
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
lists.apple.com/archives/security-announce/2007/May/msg00004.html
lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
marc.info/?l=bind-announce&m=116968519300764&w=2
secunia.com/advisories/23904
secunia.com/advisories/23924
secunia.com/advisories/23943
secunia.com/advisories/23944
secunia.com/advisories/23972
secunia.com/advisories/23974
secunia.com/advisories/23977
secunia.com/advisories/24014
secunia.com/advisories/24048
secunia.com/advisories/24054
secunia.com/advisories/24083
secunia.com/advisories/24129
secunia.com/advisories/24203
secunia.com/advisories/24284
secunia.com/advisories/24648
secunia.com/advisories/24930
secunia.com/advisories/24950
secunia.com/advisories/25402
secunia.com/advisories/25482
secunia.com/advisories/25649
secunia.com/advisories/25715
secunia.com/advisories/26909
secunia.com/advisories/27706
security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
security.gentoo.org/glsa/glsa-200702-06.xml
securitytracker.com/id?1017573
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
support.avaya.com/elmodocs2/security/ASA-2007-125.htm
www-1.ibm.com/support/docview.wss?uid=isg1IY95618
www-1.ibm.com/support/docview.wss?uid=isg1IY95619
www-1.ibm.com/support/docview.wss?uid=isg1IY96144
www-1.ibm.com/support/docview.wss?uid=isg1IY96324
www.debian.org/security/2007/dsa-1254
www.isc.org/index.pl?/sw/bind/bind-security.php
www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
www.mandriva.com/security/advisories?name=MDKSA-2007:030
www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
www.redhat.com/support/errata/RHSA-2007-0044.html
www.redhat.com/support/errata/RHSA-2007-0057.html
www.securityfocus.com/bid/22231
www.trustix.org/errata/2007/0005
www.ubuntu.com/usn/usn-418-1
www.vupen.com/english/advisories/2007/1401
www.vupen.com/english/advisories/2007/1939
www.vupen.com/english/advisories/2007/2002
www.vupen.com/english/advisories/2007/2163
www.vupen.com/english/advisories/2007/2245
www.vupen.com/english/advisories/2007/2315
www.vupen.com/english/advisories/2007/3229
exchange.xforce.ibmcloud.com/vulnerabilities/31838
h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
issues.rpath.com/browse/RPL-989
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523
www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.2 Medium
AI Score
Confidence
Low
0.971 High
EPSS
Percentile
99.8%