CVE-2009-0696

2009-07-2900:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.965 High

EPSS

Percentile

99.6%

JSON

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before
9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as
a master server, allows remote attackers to cause a denial of service
(assertion failure and daemon exit) via an ANY record in the prerequisite
section of a crafted dynamic update message, as exploited in the wild in
July 2009.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchbind9< 1:9.3.2-2ubuntu1.7UNKNOWN
ubuntu8.04noarchbind9< 1:9.4.2.dfsg.P2-2ubuntu0.2UNKNOWN
ubuntu8.10noarchbind9< 1:9.5.0.dfsg.P2-1ubuntu3.2UNKNOWN
ubuntu9.04noarchbind9< 1:9.5.1.dfsg.P2-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	bind9	< 1:9.3.2-2ubuntu1.7	UNKNOWN
ubuntu	8.04	noarch	bind9	< 1:9.4.2.dfsg.P2-2ubuntu0.2	UNKNOWN
ubuntu	8.10	noarch	bind9	< 1:9.5.0.dfsg.P2-1ubuntu3.2	UNKNOWN
ubuntu	9.04	noarch	bind9	< 1:9.5.1.dfsg.P2-1ubuntu0.1	UNKNOWN