More details may also be found by searching the SuSE
Enterprise Server 10 patch database located at
http://download.novell.com/patch/finder/
#
#VID slesp2-bind-6382
# OpenVAS Vulnerability Test
# $
# Description: Security update for bind
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Shared helper library loaded before the metadata strings are defined.
# NOTE(review): no function from it is obviously called in the visible script;
# presumably it supplies version-comparison helpers - confirm before removing.
include("revisions-lib.inc");
# Finding text registered further down as the "summary" tag.
# NOTE(review): the text names the affected packages but not the flaw itself;
# the only pointer to the underlying issue is script_cve_id("CVE-2009-0696"),
# so report consumers need that reference to judge impact.
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
bind
bind-chrootenv
bind-devel
bind-doc
bind-libs
bind-utils
More details may also be found by searching for the SuSE
Enterprise Server 10 patch database located at
http://download.novell.com/patch/finder/";
# Remediation text registered as the "solution" tag. It is generic; the package
# level the check actually compares against is the "~9.3.4~1.29" string passed
# to the isrpmvuln() calls later in this script.
tag_solution = "Please install the updates provided by SuSE.";
# Metadata registration. This branch only runs when `description` is set and
# ends with exit(0), so none of the check logic below it executes in that mode.
if(description)
{
# Identifier of this test; the JSON record on this page carries the same OID
# in its plugin id.
script_oid("1.3.6.1.4.1.25623.1.0.65929");
# Revision/date keywords as expanded by the version control system.
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)");
# The single CVE this package update is mapped to.
script_cve_id("CVE-2009-0696");
# Base score and vector string: network-reachable, no authentication,
# availability-only impact (C:N/I:N/A:P), i.e. a denial-of-service rating.
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_name("SLES10: Security update for bind");
# Registered as an information-gathering test; the visible code only evaluates
# package data and calls nothing that talks to the DNS service.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("SuSE Local Security Checks");
# Runs after the package-list gatherer and only when both KB keys are present.
# NOTE(review): presumably those keys are set only after a successful
# authenticated SSH login - confirm. If so, an unauthenticated scan produces no
# result from this test at all, which must not be read as "host is patched".
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
# Result quality is declared as package-based: the finding is tied to the
# installed package level, and the fix is a vendor update.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Stop here in description mode.
exit(0);
}
#
# The script code starts here
#
# Provides isrpmvuln() and, presumably, the __pkg_match flag read at the end
# of this script - confirm against pkg-lib-rpm.inc.
include("pkg-lib-rpm.inc");

# Package-level check for the SLES10 bind update (CVE-2009-0696).
# Each bind sub-package is tested against the same "~9.3.4~1.29" level for
# release "SLES10.0"; whatever text isrpmvuln() returns for a package is
# appended to the report.
#
# NOTE(review): this only looks at package data. It does not establish whether
# named is running or is a master for any zone (the condition given in the CVE
# description), so a hit means "update missing", not "service confirmed
# affected".
res = "";
report = "";

# Order matches the affected-package list in the summary text.
foreach affected_pkg (make_list("bind", "bind-chrootenv", "bind-devel", "bind-doc", "bind-libs", "bind-utils")) {
  res = isrpmvuln(pkg:affected_pkg, rpm:affected_pkg + "~9.3.4~1.29", rls:"SLES10.0");
  # Kept as a comparison against NULL rather than isnull() so that the result
  # is treated exactly as before.
  if (res != NULL) {
    report += res;
  }
}

if (report == "") {
  # Nothing flagged. Exit code 99 is used only when __pkg_match is set;
  # otherwise the script ends without reporting either way.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231065929", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES10: Security update for bind", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n bind\n bind-chrootenv\n bind-devel\n bind-doc\n bind-libs\n bind-utils\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 4.3}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065929", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-0696"], "lastseen": "2018-04-06T11:38:51", "viewCount": 4, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2018-04-06T11:38:51", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0696"]}, {"type": "f5", "idList": ["SOL10366"]}, {"type": "fedora", "idList": ["FEDORA:9658910F89A"]}, {"type": "freebsd", "idList": ["83725C91-7C7E-11DE-9672-00E0815B8DA8"]}, {"type": "redhat", "idList": ["RHSA-2009:1179", "RHSA-2009:1180", "RHSA-2009:1181"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064586", "OPENVAS:64505", "OPENVAS:1361412562310835208", "OPENVAS:136141256231064585", "OPENVAS:136141256231064507", "OPENVAS:102027", "OPENVAS:64584", "OPENVAS:64585", "OPENVAS:136141256231064567", "OPENVAS:64541"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2009-181.NASL", "AIX_IZ56311.NASL", "AIX_IZ56316.NASL", "ORACLELINUX_ELSA-2009-1181.NASL", "ORACLELINUX_ELSA-2009-1179.NASL", "CENTOS_RHSA-2009-1179.NASL", "GENTOO_GLSA-200908-02.NASL", "F5_BIGIP_SOL10366.NASL", "FEDORA_2009-8119.NASL", "FREEBSD_PKG_83725C917C7E11DE967200E0815B8DA8.NASL"]}, {"type": "securityvulns", 
"idList": ["SECURITYVULNS:DOC:22238", "SECURITYVULNS:DOC:24280", "SECURITYVULNS:DOC:24279", "SECURITYVULNS:VULN:10109"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1180", "ELSA-2009-1179", "ELSA-2009-1181"]}, {"type": "gentoo", "idList": ["GLSA-200908-02"]}, {"type": "centos", "idList": ["CESA-2009:1180", "CESA-2009:1181"]}, {"type": "slackware", "idList": ["SSA-2009-210-01"]}, {"type": "cert", "idList": ["VU:725188"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1847-1:73C4F"]}, {"type": "suse", "idList": ["SUSE-SA:2009:040"]}, {"type": "ubuntu", "idList": ["USN-808-1"]}], "modified": "2018-04-06T11:38:51", "rev": 2}, "vulnersScore": 7.4}, "pluginID": "136141256231065929", "sourceData": "#\n#VID slesp2-bind-6382\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for bind\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n bind\n bind-chrootenv\n bind-devel\n bind-doc\n bind-libs\n bind-utils\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65929\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for bind\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:54:11", "description": "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.", "edition": 3, "cvss3": {}, "published": "2009-07-29T17:30:00", "title": "CVE-2009-0696", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0696"], "modified": "2018-10-10T19:30:00", "cpe": ["cpe:/a:isc:bind:9.4.1", "cpe:/a:isc:bind:9.6.0", "cpe:/a:isc:bind:9.4.2", "cpe:/a:isc:bind:9.6.1", "cpe:/a:isc:bind:9.4.0", "cpe:/a:isc:bind:9.6", "cpe:/a:isc:bind:9.5.0", "cpe:/a:isc:bind:9.4", "cpe:/a:isc:bind:9.4.3", "cpe:/a:isc:bind:9.5"], "id": "CVE-2009-0696", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0696", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5_b1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*", 
"cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2_w1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a7:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2_w2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:*:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r4:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r3:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*", 
"cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.1:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r9:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r4_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a5:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:04", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "edition": 1, "description": "* F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabled to be the master for one or more zones:\n\nA malicious dynamic update packet can crash BIND versions 9.4, 9.5, and 9.6. This issue can occur even when dynamic updating is turned off.\n\nF5 has determined BIG-IP GTM software is vulnerable to the malicious dynamic update message described in CVE-2009-0696. This vulnerability is mitigated by the fact that BIND will immediately restart after the crash. However, an attacker could sustain an outage by continuing to send malicious packets.\n\nInformation about this advisory is available at the following locations: \n \n**Note**: These links take you to resources outside of AskF5, and it is possible that the documents may be removed without our knowledge. \n\n<http://www.kb.cert.org/vuls/id/725188> \n \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696>\n\nF5 Product Development tracked this issue as CR125853 for Enterprise Manager and it was fixed in Enterprise Manager version 2.0.0. 
For information about upgrading, refer to the Enterprise Manager release notes.\n\nF5 Product Development tracked this issue as CR125853 for BIG-IP LTM, GTM, ASM, PSM, WebAccelerator, and Link Controller, and it was fixed in version 9.4.8 and 10.1.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, WebAccelerator, and Link Controller release notes.\n\nAdditionally, this issue was fixed in Hotfix-BIGIP-9.3.1-74.0-HF7 issued for BIG-IP version 9.3.1, Hotfix-BIGIP-9.4.5-1091.0-HF3 issued for BIG-IP version 9.4.5, Hotfix-BIGIP-9.4.6-423.0-HF2 issued for BIG-IP version 9.4.6, Hotfix-BIGIP-9.4.7-326.0-HF1 issued for BIG-IP version 9.4.7, and Hotfix-BIGIP-10.0.1-342.0-HF1 issued for BIG-IP version 10.0.1. You may download these hotfixes or later versions of the hotfixes from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nFor information about downloading software, refer to SOL167: Downloading software from F5.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\n**Workaround**\n\nYou can work around this issue by implementing the following packet filter workaround to filter and reject dynamic update packets by inspecting the opcode (operation code) of a DNS packet for updates.\n\n**Important**: Applying the packet filter using the following methods will reject all dynamic update packets. 
If you require dynamic updates, F5 highly recommends that you verify that the source is good/secure and construct packets filters that will allow updates from known good/secure sources and reject all dynamic updates from unknown sources.\n\nYou can implement the dynamic update packet filter using the following two methods:\n\n * Configuring the dynamic update packet filter using the Configuration utility\n * Configuring the dynamic update packet filter using the command line\n\n**Important**: As a result of a known issue with the **libpcap** library, the packet filters configured and applied in the following procedures may fail to load after approximately 15 successful load operations. For more information, refer to SOL10659: The libpcap library runs out of internal registers.\n\n**Configuring the dynamic update packet filter using the Configuration utility**\n\n 1. Log in to the Configuration utility.\n 2. Select** Network** from the left menu.\n 3. Select** General **from the **Packet Filter Menu** bar.\n 4. Select **Enabled** from the drop-down menu for **Packet Filtering**.\n 5. Select the **Filter established connections** option from the **Options **section.\n 6. Click **Update**.\n 7. Select **Rules** from the **Packet Filter Menu** bar.\n 8. Click **Create**.\n 9. Provide a name for the new packet filter. \n \nFor example: \n \ndrop_updates\n 10. Select **Order this filter should be placed on the list**. If you have **multiple packet filter**, place it as close to the beginning of the list as possible.\n 11. Select **Reject** from the **Action **menu.\n 12. Select **Enter Expression Text** from the **Filter Expression Method** option.\n 13. Enter the following syntax into the **Filter Expression box**: \n \ndst port 53 and( ( tcp[((tcp[12]>>2)+4)] & 0x78 = 0x28 ) or ( udp[10] & 0x78 = 0x28 ) )\n 14. Click **Finished**.\n\n**Configuring the dynamic update packet filter using the command line**\n\n 1. Log in to the command line.\n 2. 
Enable packet filtering by typing the following command: \n \nbigpipe db packetfilter enable\n 3. Enable packet filtering to be applied to already established traffic by typing the following command: \n \nbigpipe db packetfilter.established enable\n 4. Configure the packet filter by typing the following command syntax: \n \nbigpipe packet filter drop_updates { order 10 action reject filter '{ dst port 53 and ( ( tcp[((tcp[12]>>2)+4)] & 0x78 = 0x28 ) or ( udp[10] & 0x78 = 0x28 ) ) }' }\n 5. Save the changes made to the system by typing the following command: \n \nbigpipe save all\n", "modified": "2013-06-28T00:00:00", "published": "2009-07-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html", "id": "SOL10366", "title": "SOL10366 - BIND vulnerability - CVE-2009-0696", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. 
", "modified": "2009-07-30T03:55:31", "published": "2009-07-30T03:55:31", "id": "FEDORA:9658910F89A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: bind-9.6.1-4.P1.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "\nProblem Description:\nWhen named(8) receives a specially crafted dynamic update\n\t message an internal assertion check is triggered which causes\n\t named(8) to exit.\nTo trigger the problem, the dynamic update message must contains\n\t a record of type \"ANY\" and at least one resource record set (RRset)\n\t for this fully qualified domain name (FQDN) must exist on the\n\t server.\nImpact:\nAn attacker which can send DNS requests to a nameserver can cause\n\t it to exit, thus creating a Denial of Service situation.\nWorkaround:\nNo generally applicable workaround is available, but some firewalls\n\t may be able to prevent nsupdate DNS packets from reaching the\n\t nameserver.\nNOTE WELL: Merely configuring named(8) to ignore dynamic updates\n\t is NOT sufficient to protect it from this vulnerability.\n", "edition": 4, "modified": "2009-08-04T00:00:00", "published": "2009-07-28T00:00:00", "id": "83725C91-7C7E-11DE-9672-00E0815B8DA8", "href": "https://vuxml.freebsd.org/freebsd/83725c91-7c7e-11de-9672-00e0815b8da8.html", "title": "BIND -- Dynamic update message remote DoS", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. 
BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nThis update also fixes the following bug:\n\n* when running on a system receiving a large number of (greater than 4,000)\nDNS requests per second, the named DNS nameserver became unresponsive, and\nthe named service had to be restarted in order for it to continue serving\nrequests. This was caused by a deadlock occurring between two threads that\nled to the inability of named to continue to service requests. This\ndeadlock has been resolved with these updated packages so that named no\nlonger becomes unresponsive under heavy load. (BZ#512668)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "modified": "2017-09-08T12:11:55", "published": "2009-07-29T04:00:00", "id": "RHSA-2009:1180", "href": "https://access.redhat.com/errata/RHSA-2009:1180", "type": "redhat", "title": "(RHSA-2009:1180) Important: bind security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:57", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. 
BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "modified": "2017-09-08T11:57:04", "published": "2009-07-29T04:00:00", "id": "RHSA-2009:1179", "href": "https://access.redhat.com/errata/RHSA-2009:1179", "type": "redhat", "title": "(RHSA-2009:1179) Important: bind security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. 
(CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nThis update also fixes the following bug:\n\n* the following message could have been logged: \"internal_accept: fcntl()\nfailed: Too many open files\". With these updated packages, timeout queries\nare aborted in order to reduce the number of open UDP sockets, and when the\naccept() function returns an EMFILE error value, that situation is now\nhandled gracefully, thus resolving the issue. (BZ#498164)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "modified": "2018-05-26T04:26:17", "published": "2009-07-29T04:00:00", "id": "RHSA-2009:1181", "href": "https://access.redhat.com/errata/RHSA-2009:1181", "type": "redhat", "title": "(RHSA-2009:1181) Important: bind security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:17:56", "description": "AIX 'named' is an implementation of BIND (Berkeley Internet Name\nDomain) providing server functionality for the Domain Name System\n(DNS) Protocol. AIX currently ships and supports three versions of\nBIND: 4, 8, and 9.\n\nThere is an error in the handling of dynamic update messages in BIND\n9. A crafted update packet from a remote user can cause a master\nserver to assert and exit. 
The successful exploitation of this\nvulnerability allows a remote, unauthenticated user to make a master\nDNS server assert and exit.\n\nThe following command is vulnerable :\n\n/usr/sbin/named9.", "edition": 24, "published": "2013-01-24T00:00:00", "title": "AIX 5.3 TL 8 : bind (IZ56312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IZ56312.NASL", "href": "https://www.tenable.com/plugins/nessus/63791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory bind_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63791);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0696\");\n\n script_name(english:\"AIX 5.3 TL 8 : bind (IZ56312)\");\n script_summary(english:\"Check for APAR IZ56312\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"AIX 'named' is an implementation of BIND (Berkeley Internet Name\nDomain) providing server functionality for the Domain Name System\n(DNS) Protocol. AIX currently ships and supports three versions of\nBIND: 4, 8, and 9.\n\nThere is an error in the handling of dynamic update messages in BIND\n9. A crafted update packet from a remote user can cause a master\nserver to assert and exit. 
The successful exploitation of this\nvulnerability allows a remote, unauthenticated user to make a master\nDNS server assert and exit.\n\nThe following command is vulnerable :\n\n/usr/sbin/named9.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/node/474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"08\", patch:\"IZ56312_08\", package:\"bos.net.tcp.server\", minfilesetver:\"5.3.8.0\", maxfilesetver:\"5.3.8.5\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:04:14", "description": "Specially crafted ddns update packets could trigger an exception in\nbind causing it to exit. The attack works if BIND is master for a zone\neven if ddns is not configured (CVE-2009-0696).", "edition": 23, "published": "2009-07-31T00:00:00", "title": "openSUSE Security Update : bind (bind-1146)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2009-07-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-libs", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind"], "id": "SUSE_11_1_BIND-090729.NASL", "href": "https://www.tenable.com/plugins/nessus/40444", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bind-1146.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40444);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0696\");\n\n 
script_name(english:\"openSUSE Security Update : bind (bind-1146)\");\n script_summary(english:\"Check for the bind-1146 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted ddns update packets could trigger an exception in\nbind causing it to exit. The attack works if BIND is master for a zone\neven if ddns is not configured (CVE-2009-0696).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=526185\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-9.5.0P2-18.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-chrootenv-9.5.0P2-18.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-devel-9.5.0P2-18.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-libs-9.5.0P2-18.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-utils-9.5.0P2-18.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.5.0P2-18.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:17:56", "description": "AIX 'named' is an 
implementation of BIND (Berkeley Internet Name\nDomain) providing server functionality for the Domain Name System\n(DNS) Protocol. AIX currently ships and supports three versions of\nBIND: 4, 8, and 9.\n\nThere is an error in the handling of dynamic update messages in BIND\n9. A crafted update packet from a remote user can cause a master\nserver to assert and exit. The successful exploitation of this\nvulnerability allows a remote, unauthenticated user to make a master\nDNS server assert and exit.\n\nThe following command is vulnerable :\n\n/usr/sbin/named9.", "edition": 24, "published": "2013-01-24T00:00:00", "title": "AIX 5.3 TL 7 : bind (IZ56311)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IZ56311.NASL", "href": "https://www.tenable.com/plugins/nessus/63790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory bind_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63790);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0696\");\n\n script_name(english:\"AIX 5.3 TL 7 : bind (IZ56311)\");\n script_summary(english:\"Check for APAR IZ56311\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"AIX 'named' is an implementation of BIND (Berkeley Internet Name\nDomain) providing server functionality for the Domain Name System\n(DNS) Protocol. AIX currently ships and supports three versions of\nBIND: 4, 8, and 9.\n\nThere is an error in the handling of dynamic update messages in BIND\n9. 
A crafted update packet from a remote user can cause a master\nserver to assert and exit. The successful exploitation of this\nvulnerability allows a remote, unauthenticated user to make a master\nDNS server assert and exit.\n\nThe following command is vulnerable :\n\n/usr/sbin/named9.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/node/474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! 
get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"07\", patch:\"IZ56311_07\", package:\"bos.net.tcp.server\", minfilesetver:\"5.3.7.0\", maxfilesetver:\"5.3.7.7\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:06:54", "description": "Updated bind packages that fix a security issue and a bug are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handles dynamic update message\npackets containing the 'ANY' record type. A remote attacker could use\nthis flaw to send a specially crafted dynamic update packet that could\ncause named to exit with an assertion failure. 
(CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving\nsuch a specially crafted dynamic update packet could still cause named\nto exit unexpectedly.\n\nThis update also fixes the following bug :\n\n* when running on a system receiving a large number of (greater than\n4,000) DNS requests per second, the named DNS nameserver became\nunresponsive, and the named service had to be restarted in order for\nit to continue serving requests. This was caused by a deadlock\noccurring between two threads that led to the inability of named to\ncontinue to service requests. This deadlock has been resolved with\nthese updated packages so that named no longer becomes unresponsive\nunder heavy load. (BZ#512668)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthe update, the BIND daemon (named) will be restarted automatically.", "edition": 28, "published": "2009-07-30T00:00:00", "title": "RHEL 4 : bind (RHSA-2009:1180)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2009-07-30T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "p-cpe:/a:redhat:enterprise_linux:bind"], "id": "REDHAT-RHSA-2009-1180.NASL", "href": "https://www.tenable.com/plugins/nessus/40432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1180. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40432);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0696\");\n script_bugtraq_id(35848);\n script_xref(name:\"RHSA\", value:\"2009:1180\");\n\n script_name(english:\"RHEL 4 : bind (RHSA-2009:1180)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix a security issue and a bug are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handles dynamic update message\npackets containing the 'ANY' record type. A remote attacker could use\nthis flaw to send a specially crafted dynamic update packet that could\ncause named to exit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving\nsuch a specially crafted dynamic update packet could still cause named\nto exit unexpectedly.\n\nThis update also fixes the following bug :\n\n* when running on a system receiving a large number of (greater than\n4,000) DNS requests per second, the named DNS nameserver became\nunresponsive, and the named service had to be restarted in order for\nit to continue serving requests. 
This was caused by a deadlock\noccurring between two threads that led to the inability of named to\ncontinue to service requests. This deadlock has been resolved with\nthese updated packages so that named no longer becomes unresponsive\nunder heavy load. (BZ#512668)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing\nthe update, the BIND daemon (named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/node/474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1180\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1180\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"bind-9.2.4-30.el4_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"bind-chroot-9.2.4-30.el4_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"bind-devel-9.2.4-30.el4_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"bind-libs-9.2.4-30.el4_8.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"bind-utils-9.2.4-30.el4_8.4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-utils\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:33", "description": "The remote host is affected by the vulnerability described in GLSA-200908-02\n(BIND: Denial of Service)\n\n Matthias Urlichs reported that the dns_db_findrdataset() function 
fails\n when the prerequisite section of the dynamic update message contains a\n record of type 'ANY' and where at least one RRset for this FQDN exists\n on the server.\n \nImpact :\n\n A remote unauthenticated attacker could send a specially crafted\n dynamic update message to the BIND daemon (named), leading to a Denial\n of Service (daemon crash). This vulnerability affects all primary\n (master) servers -- it is not limited to those that are configured to\n allow dynamic updates.\n \nWorkaround :\n\n Configure a firewall that performs Deep Packet Inspection to prevent\n nsupdate messages from reaching named. Alternatively, expose only\n secondary (slave) servers to untrusted networks.", "edition": 25, "published": "2009-08-03T00:00:00", "title": "GLSA-200908-02 : BIND: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2009-08-03T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:bind"], "id": "GENTOO_GLSA-200908-02.NASL", "href": "https://www.tenable.com/plugins/nessus/40463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200908-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40463);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0696\");\n script_bugtraq_id(35848);\n script_xref(name:\"GLSA\", value:\"200908-02\");\n\n script_name(english:\"GLSA-200908-02 : BIND: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200908-02\n(BIND: Denial of Service)\n\n Matthias Urlichs reported that the dns_db_findrdataset() function fails\n when the prerequisite section of the dynamic update message contains a\n record of type 'ANY' and where at least one RRset for this FQDN exists\n on the server.\n \nImpact :\n\n A remote unauthenticated attacker could send a specially crafted\n dynamic update message to the BIND daemon (named), leading to a Denial\n of Service (daemon crash). This vulnerability affects all primary\n (master) servers -- it is not limited to those that are configured to\n allow dynamic updates.\n \nWorkaround :\n\n Configure a firewall that performs Deep Packet Inspection to prevent\n nsupdate messages from reaching named. 
Alternatively, expose only\n secondary (slave) servers to untrusted networks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/node/474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200908-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BIND users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/bind-9.4.3_p3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-dns/bind\", unaffected:make_list(\"ge 9.4.3_p3\"), vulnerable:make_list(\"lt 9.4.3_p3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BIND\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:02:24", "description": "Specially crafted ddns update packets could trigger an exception in\nbind causing it to exit. The attack works if bind is master for a zone\neven if ddns is not configured (CVE-2009-0696). This has been fixed.", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : bind (YOU Patch Number 12462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12462.NASL", "href": "https://www.tenable.com/plugins/nessus/41316", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41316);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0696\");\n\n script_name(english:\"SuSE9 Security Update : bind (YOU Patch Number 12462)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted ddns update packets could trigger an exception in\nbind causing it to exit. 
The attack works if bind is master for a zone\neven if ddns is not configured (CVE-2009-0696). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0696.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12462.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been 
implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"bind-9.3.4-4.12\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"bind-devel-9.3.4-4.12\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"bind-utils-9.3.4-4.12\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"bind-utils-32bit-9-200907291720\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:25:50", "description": "Updated bind packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\n[Updated 29th July 2009] The packages in this erratum have been\nupdated to also correct this issue in the bind-sdb package.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handles dynamic update message\npackets containing the 'ANY' record type. A remote attacker could use\nthis flaw to send a specially crafted dynamic update packet that could\ncause named to exit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving\nsuch a specially crafted dynamic update packet could still cause named\nto exit unexpectedly.\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "edition": 27, "published": "2010-01-06T00:00:00", "title": "CentOS 5 : bind (CESA-2009:1179)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:caching-nameserver", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-utils", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-chroot", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:bind-libbind-devel"], "id": "CENTOS_RHSA-2009-1179.NASL", "href": "https://www.tenable.com/plugins/nessus/43772", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1179 and \n# CentOS Errata and Security Advisory 2009:1179 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43772);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0696\");\n script_bugtraq_id(35848);\n script_xref(name:\"RHSA\", value:\"2009:1179\");\n\n script_name(english:\"CentOS 5 : bind (CESA-2009:1179)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix a security issue are now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\n[Updated 29th July 2009] The packages in this erratum have been\nupdated to also correct this issue in the 
bind-sdb package.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handles dynamic update message\npackets containing the 'ANY' record type. A remote attacker could use\nthis flaw to send a specially crafted dynamic update packet that could\ncause named to exit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving\nsuch a specially crafted dynamic update packet could still cause named\nto exit unexpectedly.\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016056.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?659ff874\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016057.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c9a7a16\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:caching-nameserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-9.3.4-10.P1.el5_3.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-chroot-9.3.4-10.P1.el5_3.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-devel-9.3.4-10.P1.el5_3.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-libbind-devel-9.3.4-10.P1.el5_3.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-libs-9.3.4-10.P1.el5_3.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-sdb-9.3.4-10.P1.el5_3.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-utils-9.3.4-10.P1.el5_3.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"caching-nameserver-9.3.4-10.P1.el5_3.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libbind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:30", "description": "New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security\nissue.", "edition": 24, "published": "2011-05-28T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-210-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": 
["CVE-2009-0696"], "modified": "2011-05-28T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:10.1", "p-cpe:/a:slackware:slackware_linux:bind", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2009-210-01.NASL", "href": "https://www.tenable.com/plugins/nessus/54872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-210-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54872);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0696\");\n script_bugtraq_id(35848);\n script_xref(name:\"CERT\", value:\"725188\");\n script_xref(name:\"SSA\", value:\"2009-210-01\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-210-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/node/479\"\n );\n # 
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffae7f17\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/30\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif 
(slackware_check(osver:\"12.0\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.4.3_P3\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:44:27", "description": "CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets\n\nA flaw was found in the way BIND handles dynamic update message\npackets containing the 'ANY' record type. A remote attacker could use\nthis flaw to send a specially crafted dynamic update packet that could\ncause named to exit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving\nsuch a specially crafted dynamic update packet could still cause named\nto exit unexpectedly.\n\nThis update also fixes the following bug :\n\n - when running on a system receiving a large number of\n (greater than 4,000) DNS requests per second, the named\n DNS nameserver became unresponsive, and the named\n service had to be restarted in order for it to continue\n serving requests. This was caused by a deadlock\n occurring between two threads that led to the inability\n of named to continue to service requests. 
This deadlock\n has been resolved with these updated packages so that\n named no longer becomes unresponsive under heavy load.\n (BZ#512668)\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : bind security for SL 4.x on i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090730_BIND_SECURITY_FOR_SL_4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60629", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60629);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0696\");\n\n script_name(english:\"Scientific Linux Security Update : bind security for SL 4.x on i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets\n\nA flaw was found in the way BIND handles dynamic update message\npackets containing the 'ANY' record type. A remote attacker could use\nthis flaw to send a specially crafted dynamic update packet that could\ncause named to exit with an assertion failure. 
(CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving\nsuch a specially crafted dynamic update packet could still cause named\nto exit unexpectedly.\n\nThis update also fixes the following bug :\n\n - when running on a system receiving a large number of\n (greater than 4,000) DNS requests per second, the named\n DNS nameserver became unresponsive, and the named\n service had to be restarted in order for it to continue\n serving requests. This was caused by a deadlock\n occurring between two threads that led to the inability\n of named to continue to service requests. This deadlock\n has been resolved with these updated packages so that\n named no longer becomes unresponsive under heavy load.\n (BZ#512668)\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=512668\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=2682\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96d90a76\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"bind-9.2.4-30.el4_8.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-chroot-9.2.4-30.el4_8.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-devel-9.2.4-30.el4_8.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-libs-9.2.4-30.el4_8.4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-utils-9.2.4-30.el4_8.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:52:15", "description": "A vulnerability has been found and corrected in ISC BIND :\n\nThe dns_db_findrdataset function in db.c in named in ISC BIND 9.4\nbefore 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when\nconfigured as a master server, allows remote attackers to cause a\ndenial of service (assertion failure and daemon exit) via an ANY\nrecord in the prerequisite section 
of a crafted dynamic update\nmessage, as exploited in the wild in July 2009 (CVE-2009-0696).\n\nThis update provides fixes for this vulnerability.", "edition": 25, "published": "2009-07-30T00:00:00", "title": "Mandriva Linux Security Advisory : bind (MDVSA-2009:181)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "modified": "2009-07-30T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:bind-utils", "p-cpe:/a:mandriva:linux:bind-doc", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:bind", "p-cpe:/a:mandriva:linux:bind-devel"], "id": "MANDRIVA_MDVSA-2009-181.NASL", "href": "https://www.tenable.com/plugins/nessus/40430", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:181. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40430);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0696\");\n script_bugtraq_id(35848);\n script_xref(name:\"MDVSA\", value:\"2009:181\");\n\n script_name(english:\"Mandriva Linux Security Advisory : bind (MDVSA-2009:181)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in ISC BIND :\n\nThe dns_db_findrdataset function in db.c in named in ISC BIND 9.4\nbefore 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when\nconfigured as a master server, allows remote attackers to cause a\ndenial of service (assertion 
failure and daemon exit) via an ANY\nrecord in the prerequisite section of a crafted dynamic update\nmessage, as exploited in the wild in July 2009 (CVE-2009-0696).\n\nThis update provides fixes for this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/node/474\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-9.5.0-3.4mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-devel-9.5.0-3.4mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-doc-9.5.0-3.4mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-utils-9.5.0-3.4mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-9.5.0-6.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-devel-9.5.0-6.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-doc-9.5.0-6.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-utils-9.5.0-6.4mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"bind-9.6.0-5.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"bind-devel-9.6.0-5.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"bind-doc-9.6.0-5.1mdv2009.1\", yank:\"mdv\")) 
flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"bind-utils-9.6.0-5.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-02T21:09:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing Security Update 2009-004.\n One or more of the following components are affected:\n\n BIND", "modified": "2017-02-22T00:00:00", "published": "2010-05-12T00:00:00", "id": "OPENVAS:102027", "href": "http://plugins.openvas.org/nasl.php?oid=102027", "type": "openvas", "title": "Mac OS X Security Update 2009-004", "sourceData": "###################################################################\n# OpenVAS Vulnerability Test\n#\n# Mac OS X Security Update 2009-004\n#\n# LSS-NVT-2010-016\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. 
If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Update your Mac OS X operating system.\n\n For more information see:\n http://support.apple.com/kb/HT3776\";\n\ntag_summary = \"The remote host is missing Security Update 2009-004.\n One or more of the following components are affected:\n\n BIND\";\n\n\nif(description)\n{\n script_id(102027);\n script_version(\"$Revision: 5394 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-22 10:22:42 +0100 (Wed, 22 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-12 14:48:44 +0200 (Wed, 12 May 2010)\");\n script_cve_id(\"CVE-2009-0696\");\n script_name(\"Mac OS X Security Update 2009-004\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Mac OS X Local Security Checks\");\n script_require_ports(\"Services/ssh\", 22);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nssh_osx_name = get_kb_item(\"ssh/login/osx_name\");\nif (!ssh_osx_name) exit (0);\n\nssh_osx_ver = get_kb_item(\"ssh/login/osx_version\");\nif (!ssh_osx_ver) exit (0);\n\nssh_osx_rls = ssh_osx_name + ' ' + ssh_osx_ver;\n\npkg_for_ver = make_list(\"Mac OS X 10.4.11\",\"Mac OS X Server 10.4.11\",\"Mac OS X 10.5.8\",\"Mac OS X Server 10.5.8\");\n\nif (rlsnotsupported(rls:ssh_osx_rls, list:pkg_for_ver)) { security_message(0); exit(0);}\n\nif (osx_rls_name(rls:ssh_osx_rls) == 
osx_rls_name(rls:\"Mac OS X 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.004\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.4.11\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.4.11\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.4.11\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.004\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.004\"))) { security_message(0); exit(0);}\n}\nif (osx_rls_name(rls:ssh_osx_rls) == osx_rls_name(rls:\"Mac OS X Server 10.5.8\")) {\n if (version_is_less(version:osx_ver(ver:ssh_osx_rls), test_version:osx_ver(ver:\"Mac OS X Server 10.5.8\"))) { security_message(0); exit(0);}\n else if ((ssh_osx_ver==osx_ver(ver:\"Mac OS X Server 10.5.8\")) && (isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2009.004\"))) { security_message(0); exit(0);}\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing an update for the 'bind' package(s) announced via the referenced advisory.", "modified": "2019-04-04T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880855", "href":
"http://plugins.openvas.org/nasl.php?oid=1361412562310880855", "type": "openvas", "title": "CentOS Update for bind CESA-2009:1180 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2009:1180 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-July/016058.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880855\");\n script_version(\"2019-04-04T14:50:45+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-04 14:50:45 +0000 (Thu, 04 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1180\");\n script_cve_id(\"CVE-2009-0696\");\n script_name(\"CentOS Update for bind CESA-2009:1180 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update 
for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"bind on CentOS 4\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\n Name System (DNS) protocols. BIND includes a DNS server (named), a resolver\n library (routines for applications to use when interfacing with DNS), and\n tools for verifying that the DNS server is operating correctly.\n\n A flaw was found in the way BIND handles dynamic update message packets\n containing the 'ANY' record type. A remote attacker could use this flaw to\n send a specially-crafted dynamic update packet that could cause named to\n exit with an assertion failure. (CVE-2009-0696)\n\n Note: even if named is not configured for dynamic updates, receiving such\n a specially-crafted dynamic update packet could still cause named to exit\n unexpectedly.\n\n This update also fixes the following bug:\n\n * when running on a system receiving a large number of (greater than 4.000)\n DNS requests per second, the named DNS nameserver became unresponsive, and\n the named service had to be restarted in order for it to continue serving\n requests. This was caused by a deadlock occurring between two threads that\n led to the inability of named to continue to service requests. This\n deadlock has been resolved with these updated packages so that named no\n longer becomes unresponsive under heavy load. (BZ#512668)\n\n All BIND users are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues. 
After installing the\n update, the BIND daemon (named) will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~30.el4_8.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~30.el4_8.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~30.el4_8.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~30.el4_8.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~30.el4_8.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-26T08:55:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:040.", "modified": "2017-07-11T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64564", "href": "http://plugins.openvas.org/nasl.php?oid=64564", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:040 (bind)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_040.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:040 (bind)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted zone update packets could trigger an exception in\nbind causing it to exit. 
The attack works if BIND is master for a\nzone even if zone updates are not configured (CVE-2009-0696).\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:040\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:040.\";\n\n \n\nif(description)\n{\n script_id(64564);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:040 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~39.6\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-64bit\", rpm:\"bind-libs-64bit~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel-64bit\", rpm:\"bind-devel-64bit~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-64bit\", rpm:\"bind-libs-64bit~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel-64bit\", rpm:\"bind-devel-64bit~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-64bit\", rpm:\"bind-libs-64bit~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.5.0P2~18.7.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.4.2~39.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.4.1.P1~12.9\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing an update to bind\nannounced via advisory FEDORA-2009-8119.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064541", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064541", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8119 (bind)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8119.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8119 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating properly.\n\nUpdate Information:\n\nUpdate to the latest release, which fixes an important security issue.\nChangeLog:\n\n* Wed Jul 29 2009 Adam Tkac 32:9.6.1-4.P1\n- 9.6.1-P1 release (CVE-2009-0696)\n- fix postun trigger (#513016, hopefully)\n* Mon Jul 13 2009 Adam Tkac 32:9.6.1-3\n- fix broken symlinks in bind-libs (#509635)\n- fix typos in /etc/sysconfig/named (#509650)\n- add DEBUG option to /etc/sysconfig/named (#510283)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update bind' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8119\";\ntag_summary = \"The remote host is missing an update to bind\nannounced via advisory FEDORA-2009-8119.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64541\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8119 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514292\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.6.1~4.P1.fc11\", 
rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "Oracle Linux Local Security Checks ELSA-2009-1179", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122462", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122462", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1179", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1179.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122462\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:51 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1179\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1179 - bind security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1179\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1179.html\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~10.P1.el5_3.3\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.4~10.P1.el5_3.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~10.P1.el5_3.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.4~10.P1.el5_3.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~10.P1.el5_3.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.4~10.P1.el5_3.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~10.P1.el5_3.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.4~10.P1.el5_3.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-26T08:55:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n bind\n bind-chrootenv\n bind-devel\n bind-doc\n bind-libs\n bind-utils\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65929", "href": "http://plugins.openvas.org/nasl.php?oid=65929", "type": "openvas", "title": "SLES10: Security update for bind", "sourceData": "#\n#VID slesp2-bind-6382\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for bind\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n bind\n bind-chrootenv\n bind-devel\n bind-doc\n bind-libs\n bind-utils\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65929);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES10: Security update for bind\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~1.29\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1181.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the ANY record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nThis update also fixes the following bug:\n\n* the following message could have been logged: internal_accept: fcntl()\nfailed: Too many open files. With these updated packages, timeout queries\nare aborted in order to reduce the number of open UDP sockets, and when the\naccept() function returns an EMFILE error value, that situation is now\nhandled gracefully, thus resolving the issue. (BZ#498164)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064507", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064507", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1181", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1181.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1181 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1181.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. 
BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the ANY record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nThis update also fixes the following bug:\n\n* the following message could have been logged: internal_accept: fcntl()\nfailed: Too many open files. With these updated packages, timeout queries\nare aborted in order to reduce the number of open UDP sockets, and when the\naccept() function returns an EMFILE error value, that situation is now\nhandled gracefully, thus resolving the issue. (BZ#498164)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64507\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1181\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1181.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~25.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~25.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.2.4~25.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~25.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~25.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~25.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-09:12.bind.asc", "modified": "2018-04-06T00:00:00", "published": "2009-07-29T00:00:00", "id": "OPENVAS:136141256231064490", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064490", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-09:12.bind.asc)", "sourceData": "#\n#ADV FreeBSD-SA-09:12.bind.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from ADV FreeBSD-SA-09:12.bind.asc\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_insight = \"BIND 9 is an implementation of the Domain Name System (DNS) protocols.\nThe named(8) daemon is an Internet Domain Name Server.\n\nDynamic update messages may be used to update records in a master zone\non a nameserver.\n\nWhen named(8) receives a specially crafted dynamic update message an\ninternal assertion check is triggered which causes named(8) to exit.\n\nTo trigger the problem, the dynamic update message must contain a\nrecord of type ANY and at least one resource record set (RRset) for\nthis fully qualified domain name (FQDN) must exist on the server.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:12.bind.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-09:12.bind.asc\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64490\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Security Advisory (FreeBSD-SA-09:12.bind.asc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"7.2\", patchlevel:\"3\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"7.1\", patchlevel:\"7\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.4\", patchlevel:\"6\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.3\", patchlevel:\"12\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing an update to bind\nannounced via advisory FEDORA-2009-8119.", "modified": "2017-07-10T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64541", "href": "http://plugins.openvas.org/nasl.php?oid=64541", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8119 (bind)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8119.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8119 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses; a resolver library\n(routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating properly.\n\nUpdate Information:\n\nUpdate to the latest release which fixes important security issue.\nChangeLog:\n\n* Wed Jul 29 2009 Adam Tkac 32:9.6.1-4.P1\n- 9.6.1-P1 release (CVE-2009-0696)\n- fix postun trigger (#513016, hopefully)\n* Mon Jul 13 2009 Adam Tkac 32:9.6.1-3\n- fix broken symlinks in bind-libs (#509635)\n- fix typos in /etc/sysconfig/named (#509650)\n- add DEBUG option to /etc/sysconfig/named (#510283)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update bind' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8119\";\ntag_summary = \"The remote host is missing an update to bind\nannounced via advisory FEDORA-2009-8119.\";\n\n\n\nif(description)\n{\n script_id(64541);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-8119 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=514292\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.6.1~4.P1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696"], "description": "The remote host is missing updates to bind announced in\nadvisory CESA-2009:1181.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064585", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064585", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1181 (bind)", "sourceData": "#CESA-2009:1181 64585 2\n# $Id: ovcesa2009_1181.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1181 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1181\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1181\nhttps://rhn.redhat.com/errata/RHSA-2009-1181.html\";\ntag_summary = \"The remote host is missing updates to bind announced in\nadvisory CESA-2009:1181.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64585\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0696\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1181 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~25.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~25.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~25.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~25.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~25.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "[20:9.2.4-30.4]\n- security fix for remote DoS (CVE-2009-0696, #514292)\n[20:9.2.4-30.3]\n- fix potential deadlock on socket's control FDs (#512668) ", "edition": 4, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "ELSA-2009-1180", "href": "http://linux.oracle.com/errata/ELSA-2009-1180.html", "title": "bind security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "[20:9.2.4-25.el3]\n- security fix for remote DoS (CVE-2009-0696, #514292)\n[20:9.2.4-24.el3]\n- abort timeout queries to reduce the number of open UDP sockets (#498164)\n- handle EMFILE error from accept() gracefully (#498164)", "edition": 4, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "ELSA-2009-1181", "href": "http://linux.oracle.com/errata/ELSA-2009-1181.html", "title": "bind security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": " \n[30:9.3.4-10.P1.3]\r\n- fix named_sdb as well (CVE-2009-0696, #514292)\r\n \n[30:9.3.4-10.P1.2]\r\n- security fix for remote DoS (CVE-2009-0696, #514292)", "edition": 4, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "ELSA-2009-1179", "href": "http://linux.oracle.com/errata/ELSA-2009-1179.html", "title": "bind security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "Crash on dynamic update message with ANY type (disabling dynamic updates doesn't eliminate the problem).", "edition": 1, "modified": "2009-07-30T00:00:00", "published": "2009-07-30T00:00:00", "id": "SECURITYVULNS:VULN:10109", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10109", "title": "ISC bind named DNS server DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT
COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01837667\r\nVersion: 1\r\n\r\nHPSBTU02453 SSRT091037 rev.1 - HP Tru64 UNIX BIND Server, Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2009-08-06\r\nLast Updated: 2009-08-06\r\n\r\nPotential Security Impact: Denial of Service, (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with Tru64 UNIX running the BIND server. The\r\nvulnerability could be remotely exploited to create a Denial of Service (DoS).\r\n\r\nReferences: CVE-2009-0696\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nTru64 UNIX 5.1B BL27\r\nTru64 UNIX 5.1B BL28\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-0696 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following patches for the BIND server available to resolve the vulnerability. The patches are\r\navailable from the HP ITRC. 
Patch kit\r\n ITRC Download Location\r\n MD5 and SHA1 Checksum\r\n\r\nT64KIT1001630-V51BB27-ES-20090803\r\n https://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001630-V51BB27-ES-20090803\r\n MD5 results: 639bf32e22db9ca317b0e91818a100fb\r\nSHA1 results: 53d4010e7e982b57f2e4f4fb5aa33ac1f5114ff3\r\n\r\nT64KIT1001631-V51BB28-ES-20090803\r\n https://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001631-V51BB28-ES-20090803\r\n MD5 results: 0e9c865cd7711186a632fc708f39f00f\r\nSHA1 results: b964395cc1012a47b056aa3fa55a9602c3c16d3a\r\n\r\nNote:\r\nThe patch kit installation instructions and the Patch Summary and Release Notes documents provide patch kit\r\ninstallation and removal instructions and a summary of each patch. Please read these documents prior to\r\ninstalling patches.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nNone\r\n\r\nHISTORY\r\nVersion:1 (rev.1) 06 August 2009 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP\r\nsoftware products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to:\r\nsecurity-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP,\r\nespecially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for 
which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is\r\ncontinually reviewing and enhancing the security features of software products to provide customers with\r\ncurrent secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the\r\naffected HP products the important security information contained in this Bulletin. HP recommends that all\r\nusers determine the applicability of this information to their individual situations and take appropriate\r\naction. HP does not warrant that this information is necessarily accurate or complete for all user situations\r\nand, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the\r\ninformation provided in this Bulletin. 
To the extent permitted by law, HP disclaims all warranties, either\r\nexpress or implied, including the warranties of merchantability and fitness for a particular purpose, title\r\nand non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein.\r\nThe information provided is provided "as is" without warranty of any kind. To the extent permitted by law,\r\nneither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or\r\nconsequential damages including downtime cost; lost profits;damages relating to the procurement of substitute\r\nproducts or services; or damages for loss of data, or software restoration. The information in this document\r\nis subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products\r\nreferenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. 
Other\r\nproduct and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (HP-UX)\r\n\r\niEYEARECAAYFAkp8JRIACgkQ4B86/C0qfVki5ACffhNycQQzASLucAYTe5w7+iPx\r\nAGoAn2amq12AJs+7IyEmqqFTx7ybtp8U\r\n=N6KA\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-07-18T00:00:00", "published": "2010-07-18T00:00:00", "id": "SECURITYVULNS:DOC:24279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24279", "title": "[security bulletin] HPSBTU02453 SSRT091037 rev.1 - HP Tru64 UNIX BIND Server, Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "BIND Dynamic Update DoS\r\nCVE:\r\n\t \tCVE-2009-0696 \t \r\nCERT:\r\n\t \tVU#725188 \t \r\nPosting date:\r\n\t \t2009-07-28 \t \r\nProgram Impacted: \r\n\t \tBIND \t \r\nVersions affected: \r\n\t \tBIND 9 (all versions)\r\nSeverity:\r\n\t \tHigh \t \r\nExploitable:\r\n\t \tremotely \t \r\nSummary:\r\n\t \tBIND denial of service (server crash) caused by receipt of a specific remote dynamic update message.\r\nDescription:\r\n\r\nUrgent: this exploit is public. Please upgrade immediately.\r\n\r\nReceipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.\r\n\r\nThis vulnerability affects all servers that are masters for one or more zones \u2013 it is not limited to those that are configured to allow dynamic updates. 
Access controls will not provide an effective workaround.\r\n\r\ndns_db_findrdataset() fails when the prerequisite section of the dynamic update message contains a record of type \u201cANY\u201d and where at least one RRset for this FQDN exists on the server.\r\n\r\ndb.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed\r\nexiting (due to assertion failure).\r\nWorkarounds:\r\nNone.\r\n\r\n(Some sites may have firewalls that can be configured with packet filtering techniques to prevent nsupdate messages from reaching their nameservers.)\r\nActive exploits:\r\nAn active remote exploit is in wide circulation at this time.\r\nSolution:\r\n\r\nUpgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions can be downloaded from:\r\n\r\n http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\n\r\n http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\n\r\n http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\n\r\nAcknowledgment:\r\n\r\nMatthias Urlichs for reporting the problem.\r\nTom Daly for methodical follow-on testing.\r\nRevision History:\r\n\r\n2009-07-28 Initial text\r\n2009-07-29 Update to reflect Tom Daly's findings\r\n", "edition": 1, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "SECURITYVULNS:DOC:22238", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22238", "title": "BIND Dynamic Update DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01835108\r\nVersion: 1\r\n\r\nHPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 
2009-08-06\r\nLast Updated: 2009-08-06\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be\r\nexploited remotely to create a Denial of Service (DoS).\r\n\r\nReferences: CVE-2009-0696\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP-UX B.11.11, B.11.23, B.11.31 running BIND v9.3.2 or BIND v9.2.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-0696 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided the following preliminary software updates to resolve the vulnerability for BIND v9.2.0 and\r\nBIND v9.3.2.\r\nThe updates can be downloaded from: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX Version\r\n BIND Version\r\n File\r\n\r\nB.11.11\r\n 9.2.0\r\n BINDv920-WUPGRADE_1111.depot\r\n\r\nB.11.23\r\n 9.2.0\r\n UNOF_PHNE40089_1_1123.depot\r\n\r\nB.11.11\r\n 9.3.2\r\n BIND932_1111.depot\r\n\r\nB.11.23\r\n 9.3.2\r\n BIND932_1123.depot\r\n\r\nB.11.31\r\n 9.3.2\r\n BIND93WU_1131.depot\r\n\r\nFile\r\n SHA-1 Sum\r\n\r\nBINDv920-WUPGRADE_1111.depot\r\n 2197F121 1BDFAFA5 E8A98F60 91F50F2D 284E4177\r\n\r\nUNOF_PHNE40089_1_1123.depot\r\n 3600737E 62452810 5192FBE5 E7303C21 6337DACC\r\n\r\nBIND932_1111.depot\r\n E500B740 9A2A7C5E F8A8A5B2 087B272F 3D8B5A09\r\n\r\nBIND932_1123.depot\r\n D03F0725 48B15DAD 26A2AD87 3E3DE50F 91937ABA\r\n\r\nBIND93WU_1131.depot\r\n F04EBFA7 36A95873 3E0453F3 EA979EEB 857A59B9\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\n\r\nDownload and install the preliminary software updates.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nHP-UX 
Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\r\nPatch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a\r\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\r\nsee: https://www.hp.com/go/swa\r\n\r\nAFFECTED VERSIONS\r\n\r\nFor BIND v9.3.2\r\nHP-UX B.11.11\r\n=============\r\nBindUpgrade.BIND-UPGRADE\r\naction: install BIND932_1111.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX B.11.23\r\n=============\r\nBindUpgrade.BIND-UPGRADE\r\nBindUpgrade.BIND2-UPGRADE\r\naction: install BIND932_1123.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX B.11.31\r\n=============\r\nNameService.BIND-AUX\r\nNameService.BIND-RUN\r\naction:install BIND93WU_1131.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nFor BIND v9.2.0\r\nHP-UX B.11.11\r\n=============\r\nBINDv920.INETSVCS-BIND\r\naction: install BINDv920-WUPGRADE_1111.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX B.11.23\r\n=============\r\nInternetSrvcs.INETSVCS-INETD\r\nInternetSrvcs.INETSVCS-RUN\r\nInternetSrvcs.INETSVCS2-RUN\r\naction: install UNOF_PHNE40089_1_1123.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 6 August 2009 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP\r\nsoftware products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to:\r\nsecurity-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP,\r\nespecially exploit 
information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is\r\ncontinually reviewing and enhancing the security features of software products to provide customers with\r\ncurrent secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the\r\naffected HP products the important security information contained in this Bulletin. 
HP recommends that all\r\nusers determine the applicability of this information to their individual situations and take appropriate\r\naction. HP does not warrant that this information is necessarily accurate or complete for all user situations\r\nand, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the\r\ninformation provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either\r\nexpress or implied, including the warranties of merchantability and fitness for a particular purpose, title\r\nand non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein.\r\nThe information provided is provided "as is" without warranty of any kind. To the extent permitted by law,\r\nneither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or\r\nconsequential damages including downtime cost; lost profits;damages relating to the procurement of substitute\r\nproducts or services; or damages for loss of data, or software restoration. The information in this document\r\nis subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products\r\nreferenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. 
Other\r\nproduct and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (HP-UX)\r\n\r\niEYEARECAAYFAkp7Op4ACgkQ4B86/C0qfVlxPACgqj0Nxvg7BivlC2gFr6kS35cs\r\nnREAoIbEUEyQTVngf6kWM8JhfBnV4orx\r\n=GJSl\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-07-18T00:00:00", "published": "2010-07-18T00:00:00", "id": "SECURITYVULNS:DOC:24280", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24280", "title": "[security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n\nISC has published an announcement here:\n\n https://www.isc.org/node/479\n\nAnd CERT has published an advisory here:\n\n http://www.kb.cert.org/vuls/id/725188\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/bind-9.4.3_P3-i486-1_slack12.2.tgz: Upgraded.\n This BIND update fixes a security problem where a specially crafted\n dynamic update message packet will cause named to exit resulting in\n a denial of service.\n An active remote exploit is in wide circulation at this time.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n https://www.isc.org/node/479\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. 
This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4.3_P3-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.4.3_P3-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.4.3_P3-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.4.3_P3-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.4.3_P3-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.4.3_P3-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.4.3_P3-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.3_P3-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4.3_P3-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4.3_P3-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.4.3_P3-i486-1.txz\n\nUpdated package for Slackware64 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.4.3_P3-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\na80dcb15eb2b64cbbb74094a14cf43ce bind-9.4.3_P3-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n5f076dd18643481aa7ac05d0e5f842c9 bind-9.4.3_P3-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nd6c317bc01909ffd59b27510a3d3e00a bind-9.4.3_P3-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n31d34b00234299cb43adc06a8e5f0ea5 bind-9.4.3_P3-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n5c52f3896416ff260eedbf625db2f0a0 bind-9.4.3_P3-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\ncc4a9d222077cc66ef42f46b94ef999b bind-9.4.3_P3-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\na7eae43c7dbacb05ca5b5968926713da bind-9.4.3_P3-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nc52604266a652e08173ace69c8676775 bind-9.4.3_P3-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\ndc2c7ee229176f17159a36b426eb76b7 bind-9.4.3_P3-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n0a438a7403bd82d331f1484a73f6b92b bind-9.4.3_P3-i486-1_slack12.2.tgz\n\nSlackware -current package:\na3c9df7a63ca906aab873ab1c75b797d bind-9.4.3_P3-i486-1.txz\n\nSlackware64 -current package:\n17910d0674e4fbf9d364a599a86a8ab6 bind-9.4.3_P3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.4.3_P3-i486-1_slack12.2.tgz\n\nThen, restart bind:\n\n/etc/rc.d/rc.bind restart", "modified": "2009-07-29T22:52:55", "published": "2009-07-29T22:52:55", "id": "SSA-2009-210-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499", "type": "slackware", "title": "bind", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-08T23:36:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "Micha Krause discovered that Bind did not correctly validate certain \ndynamic DNS update packets. 
An unauthenticated remote attacker could \nsend specially crafted traffic to crash the DNS server, leading to a \ndenial of service.", "edition": 5, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "USN-808-1", "href": "https://ubuntu.com/security/notices/USN-808-1", "title": "Bind vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:37:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1179\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028090.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028091.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/040427.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/040428.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-sdb\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1179.html", "edition": 6, "modified": "2009-07-30T01:08:44", "published": "2009-07-29T19:12:50", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028090.html", "id": "CESA-2009:1179", "title": "bind, caching security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:26:16", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1181\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. 
(CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nThis update also fixes the following bug:\n\n* the following message could have been logged: \"internal_accept: fcntl()\nfailed: Too many open files\". With these updated packages, timeout queries\nare aborted in order to reduce the number of open UDP sockets, and when the\naccept() function returns an EMFILE error value, that situation is now\nhandled gracefully, thus resolving the issue. (BZ#498164)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028092.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028093.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1181.html", "edition": 3, "modified": "2009-07-29T20:55:33", "published": "2009-07-29T20:55:11", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028092.html", "id": "CESA-2009:1181", "title": "bind security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:24:02", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1180\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. 
BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nThis update also fixes the following bug:\n\n* when running on a system receiving a large number of (greater than 4,000)\nDNS requests per second, the named DNS nameserver became unresponsive, and\nthe named service had to be restarted in order for it to continue serving\nrequests. This was caused by a deadlock occurring between two threads that\nled to the inability of named to continue to service requests. This\ndeadlock has been resolved with these updated packages so that named no\nlonger becomes unresponsive under heavy load. (BZ#512668)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028096.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028097.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1180.html", "edition": 3, "modified": "2009-07-30T19:55:56", "published": "2009-07-30T19:55:19", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028096.html", "id": "CESA-2009:1180", "title": "bind security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:30:57", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1847-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJuly 29, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : bind9\nVulnerability : improper assert\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-0696\nCERT advisory : VU#725188\nDebian Bug : 538975\n\nIt was discovered that the BIND DNS server terminates when processing a\nspecially crafted dynamic DNS update. This vulnerability affects all\nBIND servers which serve at least one DNS zone authoritatively, as a\nmaster, even if dynamic updates are not enabled. 
The default Debian\nconfiguration for resolvers includes several authoritative zones, too,\nso resolvers are also affected by this issue unless these zones have\nbeen removed.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch5.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 9.5.1.dfsg.P3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:9.6.1.dfsg.P1-1.\n\nWe recommend that you upgrade your bind9 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5.diff.gz\n Size/MD5 checksum: 302807 d58923a064b84f21ed5c10e2ffc44bfc\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5.dsc\n Size/MD5 checksum: 1197 d1a95e7520896c321241e2f3350c9a19\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz\n Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch5_all.deb\n Size/MD5 checksum: 187662 8291dca5aca59a2b86417247e19e7e14\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 97070 c40d4f4c024e0a8f7ef63700b48fe6f1\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 552696 
808b613129afc50911014242adb41724\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 96290 3c47488088bffe8efe2445619b21de94\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 117160 70d1df4da01977d952258afc695c5fb2\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 187822 d8263b75b2750324e18d3539aa002415\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 115010 7788e7bd6b8ab327dd6d7a4678065ad2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 111440 86e9406ec8bac96ac2c8760b410bd91d\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 224570 8611e1920610ba9f2d6b08255ab43a34\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 317734 d92e1b3fa83f554592b621626a287e5d\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 1107958 fc3739b06eefc491780b4a78b29675d5\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 190916 7095039b2eb4335d878e669bfa56eeb1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 1260850 894b1ec4f8b66d8c04c17526bd580600\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 188420 96aa3636a3d7075d75f8a257166b9a5c\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 113176 5a7408d6151b5752e834620dd703dcce\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 217598 0c845420b5d4968f3364b96e6684f45f\n 
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 114376 12f36f415d4c71e5bd77abb6fb49602a\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 313948 4efc5d183d8ccb654fbe01454d26f2e6\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 96792 55d55ed2b215fd55752508ea3cfe9f02\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 115866 1a0e6b9a6a4b8e38b6e2601039f09897\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 185656 4559ec9ad0aaa3b4b18383e6ca6e5b0f\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 96610 c16a367a3a241c4b7e47f402b56ca018\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 543438 fcb50e06d47d355110350eaf096de50a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 170374 b7d3e4a9defb5da1a54efb460bebf1b3\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 995354 523bfb562b342c75ede6aa795b8ce600\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 113324 4b20b6e1d884ef6cf3863049a3f37e20\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 95194 909245ba71a5deb01e4f782a87ad637b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 180980 8a72240a3a2dbb85d5f82321aa55c9bc\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 106244 8cf5350de4ee1212112d9a5e1a823cd0\n 
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 110374 ee069c2941489f9e8c98932c1a774fd3\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 206676 82e507651029444eccc3674a0982e700\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 95182 9bb5fd8a1f39b4fa3ac9575e3d6f0afb\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 296374 614f276b0d2b011455854fed70247796\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 472916 af8ea52d6a6dc8df48d6a7ccdd0b5eb6\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 216588 2b5fa1ddfa589a69991e44e140166d7a\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 393582 a5d4b0d4d618ee7dd4e1e3cdd49e34ad\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 1584492 3048c04d777a7164fccf3abb1665b9c2\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 126016 5208c4237e14bbe5427afb879037b50f\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 232240 aef693bd7a485bb0741f1375d032854b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 127792 a258d0495696498c1c14f880f8937a72\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 102614 34c98500ab1599c44f850b0b98f30189\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 281128 4907fdb45525d18b43c155365699edc0\n 
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 740444 15caae237add4c86cb8de31c921af2c5\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 100160 392cddad06d1b2ee8a714f59bb8393ca\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 117966 1702f986e2b0aa39094fcff4daf71a86\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 180712 5bc856c76fdfc72101ee04ef5cd71be3\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 1229564 c073b518c837d5ebbaeb54d4118ac5ad\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 108086 9675ff86b40c3d9464eb412912cf2aa4\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 174222 3693b1e26f3dba15a46afd2d81572a24\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 301718 10b85a330b2c43f5938b21a0a7be56bc\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 113484 c8c53918101772fd0ddb3b62e29fd1c1\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 94392 bb9973a7c301db7ac41a07ace6b73d88\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 95162 a4fe9cc17f38939093968bb44e1813ad\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 110504 2f91fde79bd1e6183ddcd29c3dcf74d2\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 211592 911f400f3b87b0731d2d1ab30a97153d\n 
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 492000 473f26759ba80e221eb860b9dcad2895\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 1205608 7fe9cdeda499c947dce6679b96244df2\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 488404 4b60ce340544aa563ee855a513ae698a\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 179834 7267ad81f04e2631d45661389208c25a\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 174342 77a1a09ae59c1fccfc5315db9ad93b38\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 95120 caef296539e140883172524fe1b9eec5\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 107346 3533e43159d5ef81eb80be3f9ddce9d9\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 299696 01f0a0d9f5c6003e42d5a18ee9edf5da\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 211088 d2d570f35ee281f458239c51114210f3\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 110424 7300faf402c425ded6bfe910f93d99e0\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 113224 8f1182a452d6e6ce8e91701a05e74bb6\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 94280 1b461b4a56ffb07cf9c97f73577ea13c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 1168122 
69a98c1b78ba7be7afd7382c1897ea69\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 183650 be3bc88c02011bfe9d18e0ecc2437fc5\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 488536 f1ce2ef0956643fa9685a75da1322765\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 206230 2e2c87b29a17a04a5ca4aaee42e64ef7\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 112390 05a0d83b39a1df51ba10475e6381e11a\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 113834 537f39d15dd68ecebcbb301f3af6933a\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 96264 cb2b186b970a374f003e69a051987ee0\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 303250 f65257ae4f2ad5031589d406dc6e37b1\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 109386 e2ffa239375871cd57f2b7a756f234c3\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 96312 6c19ac64f71a4697965f553a342e341a\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 173704 5ab96f0f65522e5c5d7515e0fd594a80\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 493776 65e8efda6edc323cd0016f1283431023\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 210874 6eb1d8e0bcf4ae34644945811aa8d975\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 95012 
78a2e7807de54d4e92dd867b996c2756\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 114488 01817b79cda4d1cc9291b5fc14ee87db\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 111330 8fb0e99191cfc5953a3f914d6280414d\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 300350 f0f1171a17e3c7b6f639c53a2bbf63cc\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 107762 55b3e9e830c779fe76c047b9aa59cc27\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 175410 cfecadab15451e366618cbda28d218ee\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 95010 073110449f1b76ced612835136d59a50\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 184272 f00c69a1a50d3e0f47d045427bd6dccb\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 1121904 61952ec2b2515b8c02fb045d59cb9e73\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz\n Size/MD5 checksum: 5221004 dc87f5d14403bee19b0c1d04b4de9252\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1.dsc\n Size/MD5 checksum: 1049 8e109829ee1dd553cf4799cd9af7ef2f\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1.diff.gz\n Size/MD5 checksum: 224291 c878e3c0edb31dca8e74b42a0fa06efc\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb\n Size/MD5 checksum: 264860 bc456e91b46eab565438222f0b6e97d2\n\nalpha architecture (DEC Alpha)\n\n 
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 170112 4f93acca6dd5ca447e00da53c4c8387f\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 257008 014ce4cef9a0ecd3775b79170c3e7df3\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 32428 7fc08b3daa59a0023b7cedcaf8ec2203\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 152262 f855f9d1465d22ef1cec197bacdbdf1e\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 50906 978ab4c3a9a3cc0ea851c5ba117a5461\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 29608 ebdff030cf84bec066a0a5aebea8dd3a\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 103838 8295357195da254901d61276bb9a7c6d\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 63114 a19b257d389a0a84f963bf316946cfbe\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 611884 aaef860fde98f6a525a16d789b37216b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 49582 dd5d24b0acd7192ce656ea175cfff8f2\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 213824 fca07baffb898b93a4460a8ce5596b16\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 1625476 e3ddc9fb079cee05097214b3057f1029\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 212176 
ab42f6daa6d079035ef6a16eb644dabf\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 154944 684dcaa493c32e3596b3685c26f173aa\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 255048 f3fd746ba24e74230cba606b0a5f61ea\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 97132 df3664fb075f561d9b519a5517154b14\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 601910 358d0cdea486df897666661d78b7a8e5\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 163698 9e7a5a67b9c681e836bd0bfa0b779004\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 64394 410430ff014240042b527bfe607621c1\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 50634 6315afa492be63b377fe44126ae82b1b\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 28820 d94a961e42289f1b1978f2b66add6dec\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 31816 82679c58157e3aead368abb56dd39aa3\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 1332918 5d086997e4b13abb6bea5ad3c1920f08\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 48110 e193057861c47e3fad50884ffd8a5d5c\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 153356 7da228fed9a23e646aab45fcfc32f110\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 
151402 8513c2b9cba6c2b8e1f96817242df060\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 204822 8c2e4a16fd0d92d57370303d60930c7f\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 63498 74a46c66387d7a5197ccfb361c27b424\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 247792 97478f5b11e168358a9dcacf8ae85b64\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 31034 9ed01f4ab47318d8487b627353497696\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 93520 d578e9a3247f4ce4c581138156da5ed3\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 26502 ef613f2d916c6411df1ab8556df82163\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 42648 89d93cebd00a1e649d7cd3d71583d03a\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 559200 7206682d171fef33b8d40cb645cbcf0b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 42494 f4a84c825341bf034ef36b96a2993020\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 1170570 1827326c2b1e1c6bfd745069885fd799\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 47088 eed022f2660d8a53acc188f9941d4512\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 261600 2bb12fbaf1dd9bbe88a4f194a118de2d\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 
checksum: 34152 b9681888cacb25d47cf02d2f6bd61ee0\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 218982 3dc67baeb3790b34dc90cebdab4749ac\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 165968 f6789216991c9a1b673a8ba8032ab2c1\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 618966 edf48b74ab4ee741a4b57e5ebaac5426\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 65186 f26719ac44dc300f426f2851d3df8cef\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 28708 c809cd04bf3c16860a825557efa4ae3a\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 50878 14f6f5ad23dd30dec2fa0109c9b57940\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 156604 cf5ff182872fa3929796637ccafad8ee\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 101180 1084563c72b32aa4c3fd28e39c4c9331\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 1446422 773c9efe2521881f6021026c1249aa57\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 1263682 91c4b4f2a24aae64cf6ab504074c6cf4\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 242304 3d6da858df0b9ec362cfbdfddda41606\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 27020 328fcd7a9f2e102dc24f2c059129f2aa\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 
checksum: 45310 2d0dcd0aa04dfbd28b5f5faf26ec5e4b\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 44354 322ec576af6559a2f4242368cd6161a0\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 199388 d71779a3ea70009eee00a0b5089c331f\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 32348 3877c0a75d4a51c95205caefb89ff5bf\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 149892 1ef7412ece675170d16720e7bafbb89e\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 548164 16c6f4937ee87ef3f8a45d4da702b198\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 144226 4bc1457543e3808f32a2349d1886fa25\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 60922 e6ce9b75b33ba64f515ddfbff6a63b89\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 92888 68b2b2ce4fccaca1d94cdc9398221795\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 60024 ee3649d8afa1cdf9871e457479994a19\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 200304 14c08a76d6bea5db15f6d406f1a8035b\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 126162 28f947c3c336e35c3ea92a028fd8520a\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 231082 738a405bf2d8a6c0e31fa13eb14dbedb\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 
checksum: 856476 b4bd3011e55a33a27aab17808965cbfc\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 37162 530f4d128c8fe49eb1a69a9b1b25de02\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 1862294 06514180b6ce7f36fc6c75220a746860\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 57416 c10914f2ce9d2fdadd76fdacb3e51e34\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 286454 e52e854e1164bc98ac70adfbdaa35b6b\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 33656 122abc5aa28c46469e03f9f4014214b2\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 328946 a4ff895501c7920c0dacfeb6c76c4584\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 81964 5212a8a5cf1875abeda40af5635924b9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 44198 a9154ac066774406cb1057a79f9ff0e7\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 1407996 6d41e52863892554c33856d4f6d26039\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 142800 e7306f02b48132f2b4cb915d5aa71268\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 197718 e0432cc6af52e952c1bfaafd4de3e88b\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 26922 4c5c1f1c7ec12d1823fc6c5c936a738c\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_mips.deb\n 
Size/MD5 checksum: 527510 8eafffe6d5439e68ff0ac87178a5ee3b\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 146786 0492e8d973d51e06a2290b62a1cb0cda\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 60132 0f44616374b1ca227481ff1b67de0089\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 42238 8224216a87ae83d960149ad99b5e82f4\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 30360 42978ac424bc7e8f95ead983f85be42d\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 239974 6961c135b77a51cd1647d569a01c5faa\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 92650 9389303535690e80d61a7f5c778584e6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 1396662 b098e782b36d52016e34b60fd567c2b8\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 142508 63f3fa09a187ab2d00c40d8f05350bd5\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 30288 ac952744e0c289967ebab7ef050cacaa\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 238914 448d88eb5bdcfef5afc228d61b2d8e81\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 42314 aaeeedb064b0bd2dfb93d2d0388a9eca\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 148052 39dd77b2b11f7c45a37c812b99cd51b6\n 
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 526440 426d663a1072d7883190a695d6ccbd79\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 59988 99632c1a5a79f01ea8ec6b6190d39943\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 196422 35c80d067d88b401f6fb2cf8531615a2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 43174 23abb83d07edb421d79ab4806c2815a9\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 27008 895dd116b09ec3655cc056a635f748af\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 92226 b6e50a34930031804c9499b6a435e050\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 256908 55fa16432472a850feba19f4c77d4267\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 1231990 9f43eb76fbf81570b1f3e2bcde84c9e3\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 213784 298331ac0d2b2f62776f2b0adcb9587b\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 34556 c24f3df80d23da3fd32002203dd5c99b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 157988 91baf8ee51797fc5f713aa704933a7ce\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 114976 213e59dabec221b8e2222233ed323c9d\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 48878 
0d40842dab046d93b23e94eb54a6a2b3\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 30276 690ccba365749bf7a496a7a4002e4baa\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 65154 bf6593638cb905e5d7a7cc27f1c61af5\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 584234 1e08d95df5bc8803c8d1e6f7563920b6\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 48630 8b691a37c63da33331ac1954c322187f\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 162362 1120ba40fc7c45e5e28ca85314401fa2\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 1326896 942e87deb18e0c74bf01e8fcb3b1a30d\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 32550 b497be5bca1a73b241df873ff84318ec\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 99842 05f2dd008dfacc5db9fc927ac961ef46\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 223298 c8fd7ed3b53e869dc73893a0a9352afa\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 164268 778ed887c80b1012704c4ae5492bd299\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 167280 0bb6186a2e8ed7f342f0755231c78168\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 593832 fe5b9713cc8644ac2b85da01ad0f53b0\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 
checksum: 28936 b9686cee7c6fd3e8886a6c464bf1b07a\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 50588 27791f42c9a8fe4478f72188b401ad59\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 266352 1a0ea76ae8a4325cc385b728537018bd\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 69220 ef234ae1adfeb99182a9bb5b75aa642c\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 46642 76053697cd735c3a16942379843ce4b3\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 63838 b8ad39a7c210c1dedaf342d27cfbf09b\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 31186 ca1f01c6aeeb2c955090da2d322353dc\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 26386 f10103951165623cfd3bdffc1a62d541\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 44264 6d397e7ce8eee135e12eaade598c4636\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 207898 9d0f81bbd6c23e78fe01638ca8baad05\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 152124 84f90736075522f11d915b5ec3c5854f\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 96126 c73d67340b279a116e8a73cc33cc06de\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 1339762 fa0d5e0745643dd94478803967e168e4\n 
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 250788 28f36259000669f0938d3cd157514a1c\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 541328 cddd85c4601f9c2ceb58082c7630c2e5\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 148974 5e2e1e75352e36502c53f299538ea0c0\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 42758 55de10b65dd6fa4546c68850fe7512f7\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2009-07-29T07:21:48", "published": "2009-07-29T07:21:48", "id": "DEBIAN:DSA-1847-1:73C4F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00162.html", "title": "[SECURITY] [DSA 1847-1] New bind9 packages fix denial of service", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:42:14", "bulletinFamily": "info", "cvelist": ["CVE-2009-0696"], "description": "### Overview \n\nISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.\n\n### Description \n\nThe [Berkeley Internet Name Domain](<https://www.isc.org/software/bind>) (BIND) is a popular Domain Name System (DNS) implementation from [Internet Systems Consortium](<http://www.isc.org/>) (ISC). 
It includes support for dynamic DNS updates as specified in IETF [RFC 2136](<http://tools.ietf.org/html/rfc2136>). BIND 9 can crash when processing a specially-crafted dynamic update packet.\n\nISC notes that this vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates. ISC also indicates that the attack packet has to be constructed for a zone for which the target system is configured as a master; launching the attack against slave zones does not trigger the vulnerability. \n \n--- \n \n### Impact \n\nBy sending a specially-crafted dynamic update packet to a BIND 9 server, a remote, unauthenticated attacker can cause a denial of service by causing BIND to crash. \n \n--- \n \n### Solution \n\n**Apply an update** \nUsers who obtain BIND from a third-party vendor, such as their operating system vendor, should see the systems affected portion of this document for a partial list of affected vendors. \n \nThis vulnerability is addressed in ISC BIND versions 9.4.3-P3, 9.5.1-P3, and BIND 9.6.1-P1. Users of BIND from the original source distribution should upgrade to one of these versions, as appropriate. \n \nSee also <https://www.isc.org/node/474>. \n \n--- \n \n### Vendor Information\n\n725188\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Inc. __ Affected\n\nNotified: July 28, 2009 Updated: August 17, 2009 \n\n**Statement Date: August 13, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nApple has published [Security Update 2009-004](<http://support.apple.com/kb/HT3776>) in response to this issue. 
Users are encouraged to review this bulletin and apply the patches that it refers to.\n\n### BlueCat Networks, Inc. __ Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`BlueCat Networks has incorporated the ISC patches related to the Dynamic Update \nDDoS vulnerability (CVE-2009-0696, VU#725188) into the following versions of \nthe Adonis DNS/DHCP appliances: \n \n \n \nAdonis v5.0.4 \nAdonis v5.1.X \nAdonis v5.5.X \nAdonis v6.0.9 \n \n \n \nNB: Patches can be applied to any Minor version of Adonis which fall within the \nversions listed above. \n \nBlueCat is currently investigating making the patch available for older product \nversions. More information about the availability of updates can be found at \n`[`http://www.bluecatnetworks.com/clientsupport/vulnerability_information`](<http://www.bluecatnetworks.com/clientsupport/vulnerability_information>)` \n \nThe patches can be obtained from BlueCat Networks Support, who can be contacted \nat `[`http://www.bluecatnetworks.com/clientsupport`](<http://www.bluecatnetworks.com/clientsupport>)\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Debian GNU/Linux __ Affected\n\nNotified: July 28, 2009 Updated: August 03, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe Debian Security Team has published [Debian Security Advisory DSA-1847](<http://www.debian.org/security/2009/dsa-1847>) in response to this issue. Users are encouraged to review this advisory and apply the patches it describes.\n\n### F5 Networks, Inc. 
__ Affected\n\nNotified: July 28, 2009 Updated: July 31, 2009 \n\n**Statement Date: July 31, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`F5 confirms that this is a remote vulnerability affecting the following products: \n \nBIG-IP GTM 9.3.1, 9.4.5, 9.4.6, 9.4.7, 10.0.1 \n \nThe following products are not vulnerable: \n \n* WebAccelerator is not vulnerable (all versions) \n* ARX is not vulnerable (all versions) \n* Link Controller (all versions) \n* WanJet is not vulnerable (all versions) \n* Firepass is not vulnerable (all versions) \n* SAM is not vulnerable (all versions) \n* ASM is not vulnerable (all versions) \n \nThe following products ship with vulnerable versions of BIND. However, BIND is disabled and these products are therefore not vulnerable. \n \nEnterprise Manager 1.6, 1.7, 1.8 \nBIG-IP LTM 9.3.1, 9.4.5, 9.4.6, 9.4.7, 9.6.1, 10.0.1 \n \nPatches are being readied now -- please use your normal support channel to get them. \n \nMore information is available at \n`[`https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html`](<https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html>)\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. __ Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`All supported versions of FreeBSD are vulnerable to this issue. 
\n \nThe FreeBSD Security Team has released the FreeBSD Security Advisory `[`FreeBSD-SA-09:12.bind`](<http://security.freebsd.org/advisories/FreeBSD-SA-09:12.bind.asc>)` in response to this issue.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company __ Affected\n\nNotified: July 28, 2009 Updated: August 26, 2009 \n\n**Statement Date: August 07, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nHewlett-Packard has released the following security bulletins in response to this vulnerability:\n\n * HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)\n * HPSBOV02452 SSRT090161 rev.1 - HP TCP/IP Services for OpenVMS BIND Server Remote Denial of Service (DoS)\n * HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS)\n \nThese documents are available to registered users at the or in the copies attached below. Users are encouraged to review these documents and apply the appropriate updates for their systems. 
\n \n\n\n### Infoblox __ Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Infoblox has incorporated the ISC patches to our version of BIND related to CERT VU#725188 (CVE-2009-0696) denial of service vulnerability.` \n`The following Infoblox NIOS releases include the patch as of 7/28/2009:` \n`\" 4.2r5-5` \n`\" 4.3r2-9` \n`\" 4.3r4-4` \n`\" 4.3r5-1` \n \n`These patches are available on the Infoblox Support Site at `[`http://www.infoblox.com/support/`](<http://www.infoblox.com/support/>)`.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nNote that the vendor's announcement regarding this vulnerability on the support page listed above has been updated as of 2009-07-29.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23725188 Feedback>).\n\n### Internet Systems Consortium __ Affected\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThis issue is addressed in BIND versions [9.4.3-P3](<http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1>), [9.5.1-P3](<http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1>), and BIND [9.6.1-P1](<http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1>). 
Users are encouraged to upgrade to the appropriate version.\n\nSee also <https://www.isc.org/node/474>.\n\n### Vendor References\n\n * <https://www.isc.org/node/474>\n * [http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1 ](<http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1\n>)\n * [http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1 ](<http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1\n>)\n * [http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1](<http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1>)\n\n### Nixu __ Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`========================== \nNIXU ADVISORY ON VU#725188 \n========================== \n \n===================== \nNixu NameSurfer Suite \n===================== \nAll Nixu NameSurfer versions ship with a proprietary primary DNS server is \nnot affected by VU#725188. Therefore, when Nixu NameSurfer is run as the \nprimary DNS server, no action is required to protect the master DNS server \nagainst this threat. \n \nNixu NameSurfer Suite 6.5.2 ships with an optional companion BIND 9.6.1 \nserver that can be installed on the same server running Nixu NameSurfer \nSuite. If the companion BIND 9.6.1 server has been activated at install and \nis used to run localhost (127.0.0.1) as a master zone, Nixu recommends \neither of the following approaches: \n \n1) the master zone on localhost BIND is disabled \n2) the localhost BIND is patched to version 9.6.1-P1 \n \nPlease note that a failure in the localhost BIND due to the vulnerability \noutlined in VU#725188 does not pose any threat to authoritative DNS zones \nfor which Nixu NameSurfer Suite is the master, i.e. Nixu NameSurfer primary \nDNS server will continue to serve the (remote) secondary DNS servers even if \nthe optional local BIND server failed. 
\n \n============================= \nNixu Secure Name Server (SNS) \n============================= \nNixu SNS secondary server instances hosting slave copies of master zones \nmanaged in Nixu NameSurfer primary are not affected by VU#725188.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD __ Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPatches for this issue were committed to the HEAD of the OpenBSD CVS repository on 2009-07-29. Users running -current from before that date should update their systems.\n\nPatches for -release versions were published on 2009-07-29 as well. These patches can be found at: \n<ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/014_bind.patch> for OpenBSD-4.4 \n<ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/007_bind.patch> for OpenBSD-4.5 \n<ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/001_bind.patch> for OpenBSD-4.6 (note that OpenBSD 4.6 has not been formally released as of this writing) \n \nPatches for this issue were committed to the `OPENBSD_4_4`, `OPENBSD_4_5`, and `OPENBSD_4_6` CVS branches on 2009-07-30. Users running -stable systems from before this date should update their systems. \n \nOlder versions of the operating system are not officially supported.\n\n### Red Hat, Inc. __ Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nRed Hat, Inc. has published Red Hat Security Advisory [RHSA-2009:1179](<http://rhn.redhat.com/errata/RHSA-2009-1179.html>) in response to this issue. 
Users are encouraged to review this advisory and apply the patches it describes.\n\n### SUSE Linux __ Affected\n\nNotified: July 28, 2009 Updated: July 31, 2009 \n\n**Statement Date: July 31, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`The SUSE Linux products are vulnerable to the published BIND remote denial \nof service attack. We have released updated packages to fix this issue. \n \nReference: \n`[`http://www.novell.com/linux/security/advisories/2009_40_bind.html`](<http://www.novell.com/linux/security/advisories/2009_40_bind.html>)\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n**Statement Date: July 30, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSun Microsystems has published [SunSolve Document ID 264828](<http://sunsolve.sun.com/search/document.do?assetkey=1-66-264828-1>) in response to this issue. This document indicates that \"A final resolution is pending completion\". In the meantime, users may wish to consider applying the appropriate Interim Security Relief (ISR) packages for Solaris 10 described in the document.\n\n### Ubuntu __ Affected\n\nNotified: July 28, 2009 Updated: July 29, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe Ubuntu Security Team has published Ubuntu Security Notice [USN-808-1](<http://www.ubuntulinux.org/usn/usn-808-1>) in response to this issue. 
Users are encouraged to review this notice and apply the updates it describes.\n\n### Nominum __ Not Affected\n\nNotified: July 28, 2009 Updated: July 30, 2009 \n\n**Statement Date: July 29, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`We have confirmed that no version of Nominum's servers is vulnerable to this.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Alcatel-Lucent Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. 
Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DragonFly BSD Project Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this 
vulnerability.\n\n### GNU glibc Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gnu ADNS Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. 
Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mandriva S. A. Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### McAfee Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Men & Mice Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Metasolv Software, Inc. Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation Unknown\n\nNotified: August 03, 2009 Updated: August 03, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. 
Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Novell, Inc. 
Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SafeNet Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Shadowsupport Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. 
Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. 
Unknown\n\nNotified: July 28, 2009 Updated: July 28, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 54 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <https://www.isc.org/node/474>\n * <http://tools.ietf.org/html/rfc2136>\n * [http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1](<http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1>)\n * [http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1](<http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1>)\n * [http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1](<http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1>)\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975>\n\n### Acknowledgements\n\nThanks to ISC for reporting this vulnerability.\n\nThis document was written by Will Dormann and Chad Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-0696](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-0696>) \n---|--- \n**Severity Metric:** | 26.33 \n**Date Public:** | 2009-07-28 \n**Date First Published:** | 2009-07-28 \n**Date Last Updated: ** | 2009-08-27 14:10 UTC \n**Document Revision: ** | 32 \n", "modified": "2009-08-27T14:10:00", "published": "2009-07-28T00:00:00", "id": "VU:725188", "href": "https://www.kb.cert.org/vuls/id/725188", "type": "cert", "title": "ISC BIND 9 vulnerable to denial of service via dynamic update request", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:18:44", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "Specially crafted zone update packets could trigger an exception in bind causing it to exit. 
The attack works whenever BIND is the master for a zone, even if zone updates are not configured (CVE-2009-0696).\n#### Solution\nThere is no known workaround; please install the update packages.", "edition": 1, "modified": "2009-07-30T16:51:35", "published": "2009-07-30T16:51:35", "id": "SUSE-SA:2009:040", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00006.html", "type": "suse", "title": "remote denial of service in bind", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "edition": 1, "description": "### Background\n\nISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. \n\n### Description\n\nMatthias Urlichs reported that the dns_db_findrdataset() function fails when the prerequisite section of the dynamic update message contains a record of type \"ANY\" and at least one RRset for this FQDN exists on the server. \n\n### Impact\n\nA remote unauthenticated attacker could send a specially crafted dynamic update message to the BIND daemon (named), leading to a Denial of Service (daemon crash). This vulnerability affects all primary (master) servers -- it is not limited to those that are configured to allow dynamic updates. \n\n### Workaround\n\nConfigure a firewall that performs Deep Packet Inspection to prevent nsupdate messages from reaching named. Alternatively, expose only secondary (slave) servers to untrusted networks. 
\n\n### Resolution\n\nAll BIND users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/bind-9.4.3_p3\"", "modified": "2009-08-01T00:00:00", "published": "2009-08-01T00:00:00", "id": "GLSA-200908-02", "href": "https://security.gentoo.org/glsa/200908-02", "type": "gentoo", "title": "BIND: Denial of Service", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}