CVE-2007-0493

Severity

78%

Complexity

99%

Confidentiality

115%

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

ISC BIND

First reported 18 years ago

2007-01-25 20:28:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

ISC BIND 9.3.0

9.3.0

ISC BIND 9.3.1

9.3.1

ISC BIND 9.3.2

9.3.2

ISC BIND 9.4.0

9.4.0

ISC BIND 9.4.0rc1

9.4.0

ISC BIND 9.5.0

9.5.0

References

http://docs.info.apple.com/article.html?artnum=305530

FEDORA-2007-147

FEDORA-2007-164

NetBSD-SA2007-003

SSRT061273

APPLE-SA-2007-05-24

20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]

SUSE-SA:2007:014

[bind-announce] 20070125 Internet Systems Consortium Security Advisory.

23904

Vendor Advisory

23924

23943

23972

23974

23977

24014

24048

24054

24129

24203

24930

24950

25402

25649

FreeBSD-SA-07:02

GLSA-200702-06

1017561

SSA:2007-026-01

http://www.isc.org/index.pl?/sw/bind/bind-security.php

http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8

Patch

http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4

Patch

MDKSA-2007:030

OpenPKG-SA-2007.007

RHSA-2007:0057

20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]

22229

2007-0005

USN-418-1

ADV-2007-0349

ADV-2007-1401

ADV-2007-1939

ADV-2007-2163

ADV-2007-2315

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

https://issues.rpath.com/browse/RPL-989

oval:org.mitre.oval:def:9614

SSRT071304

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.