CVE-2009-0696

Severity

43%

Complexity

86%

Confidentiality

48%

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

Type

ISC BIND

First reported 15 years ago

2009-07-29 17:30:00

Last updated 6 years ago

2018-10-10 19:30:00

Affected Software

ISC BIND 9.4

9.4

ISC BIND 9.4.0

9.4.0

ISC BIND 9.4.0 Alpha 1

9.4.0

ISC BIND 9.4.0 Alpha 2

9.4.0

ISC BIND 9.4.0 Alpha 3

9.4.0

ISC BIND 9.4.0 Alpha 4

9.4.0

ISC BIND 9.4.0 Alpha 5

9.4.0

ISC BIND 9.4.0 Alpha 6

9.4.0

ISC BIND 9.4.0 Beta 1

9.4.0

ISC BIND 9.4.0 Beta 2

9.4.0

ISC BIND 9.4.0 Beta 3

9.4.0

ISC BIND 9.4.0 Beta 4

9.4.0

ISC BIND 9.4.0rc1

9.4.0

ISC BIND 9.4.0 Release Candidate 2

9.4.0

ISC BIND 9.4.1

9.4.1

ISC BIND 9.4.2

9.4.2

ISC BIND 9.4.2 Release Candidate 1

9.4.2

ISC BIND 9.4.2 Release Candidate 2

9.4.2

ISC BIND 9.4.3

9.4.3

ISC BIND 9.4.3 Beta 1

9.4.3

ISC BIND 9.4.3 Beta 2

9.4.3

ISC BIND 9.4.3 Beta 3

9.4.3

ISC BIND 9.4.3 Patch 2

9.4.3

ISC BIND 9.5

9.5

ISC BIND 9.5.0

9.5.0

ISC BIND 9.5.0 Alpha 1

9.5.0

ISC BIND 9.5.0 Alpha 2

9.5.0

ISC BIND 9.5.0 Alpha 3

9.5.0

ISC BIND 9.5.0 Alpha 4

9.5.0

ISC BIND 9.5.0 Alpha 5

9.5.0

ISC BIND 9.5.0 Alpha 6

9.5.0

ISC BIND 9.5.0 Alpha 7

9.5.0

ISC BIND 9.5.0 Beta 1

9.5.0

ISC BIND 9.5.0 Beta 2

9.5.0

ISC BIND 9.5.0 Beta 3

9.5.0

ISC BIND 9.5.0 Patch 1

9.5.0

ISC BIND 9.5.0 Patch 2

9.5.0

ISC BIND 9.5.0 Patch 2 W1

9.5.0

ISC BIND 9.5.0 Patch 2 W2

9.5.0

ISC BIND 9.6 Extended Support Version

9.6

ISC BIND 9.6 Extended Support Version Release 1

9.6

ISC BIND 9.6 Extended Support Version Release 2

9.6

ISC BIND 9.6 Extended Support Version Release 3

9.6

ISC BIND 9.6 Extended Support Version Release 4

9.6

ISC BIND 9.6 Extended Support Version Release 4 Patch 1

9.6

ISC BIND 9.6 Extended Support Version Release 5

9.6

ISC BIND 9.6 Extended Support Version Release 5 Beta 1

9.6

ISC BIND 9.6 Extended Support Version Release 5 Patch 1

9.6

ISC BIND 9.6 Extended Support Version Release 6

9.6

ISC BIND 9.6 Extended Support Version Release 6 Beta 1

9.6

ISC BIND 9.6 Extended Support Version Release 6 Release Candidate 1

9.6

ISC BIND 9.6 Extended Support Version Release 6 Release Candidate 2

9.6

ISC BIND 9.6 Extended Support Version Release 7

9.6

ISC BIND 9.6 Extended Support Version Release 7 Patch 1

9.6

ISC BIND 9.6 Extended Support Version Release 7 Patch 2

9.6

ISC BIND 9.6 Extended Support Version Release 9

9.6

ISC BIND 9.6 Extended Support Version Release 9 Patch 1

9.6

ISC BIND 9.6.0

9.6.0

ISC BIND 9.6.0 Alpha 1

9.6.0

ISC BIND 9.6.0 Beta 1

9.6.0

ISC BIND 9.6.0 p1

9.6.0

ISC BIND 9.6.0 rc1

9.6.0

ISC BIND 9.6.0 rc2

9.6.0

ISC BIND 9.6.1

9.6.1

ISC BIND 9.6.1 Beta 1

9.6.1

References

NetBSD-SA2009-013

ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt

http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975

36035

36038

36050

36053

36056

36063

36086

36098

36192

37471

39334

264828

1020788

http://up2date.astaro.com/2009/08/up2date_7505_released.html

http://wiki.rpath.com/Advisories:rPSA-2009-0113

VU#725188

US Government Resource

[4.4] 014: RELIABILITY FIX: July 29, 2009

20090729 rPSA-2009-0113-1 bind bind-utils

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

1022613

SSA:2009-210-01

USN-808-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

ADV-2009-2036

ADV-2009-2088

ADV-2009-2171

ADV-2009-2247

ADV-2009-3316

oval:org.mitre.oval:def:10414

oval:org.mitre.oval:def:12245

oval:org.mitre.oval:def:7806

https://www.isc.org/node/474

Patch, Vendor Advisory

FEDORA-2009-8119

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.