CVE - CVE-2009-0696

CVE-ID
CVE-2009-0696	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090729 rPSA-2009-0113-1 bind bind-utils URL:http://www.securityfocus.com/archive/1/archive/1/505403/100/0/threaded BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded CONFIRM:https://www.isc.org/node/474 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0113 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 CONFIRM:http://up2date.astaro.com/2009/08/up2date_7505_released.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html CONFIRM:ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt FEDORA:FEDORA-2009-8119 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html NETBSD:NetBSD-SA2009-013 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc OPENBSD:[4.4] 014: RELIABILITY FIX: July 29, 2009 URL:http://www.openbsd.org/errata44.html#014_bind SLACKWARE:SSA:2009-210-01 URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499 SUNALERT:264828 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1 SUNALERT:1020788 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1 UBUNTU:USN-808-1 URL:http://www.ubuntu.com/usn/usn-808-1 CERT-VN:VU#725188 URL:http://www.kb.cert.org/vuls/id/725188 OVAL:oval:org.mitre.oval:def:10414 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10414 OVAL:oval:org.mitre.oval:def:7806 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7806 OVAL:oval:org.mitre.oval:def:12245 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12245 SECTRACK:1022613 URL:http://www.securitytracker.com/id?1022613 SECUNIA:36053 URL:http://secunia.com/advisories/36053 SECUNIA:36038 URL:http://secunia.com/advisories/36038 SECUNIA:36050 URL:http://secunia.com/advisories/36050 SECUNIA:36056 URL:http://secunia.com/advisories/36056 SECUNIA:36063 URL:http://secunia.com/advisories/36063 SECUNIA:36086 URL:http://secunia.com/advisories/36086 SECUNIA:36098 URL:http://secunia.com/advisories/36098 SECUNIA:36192 URL:http://secunia.com/advisories/36192 SECUNIA:36035 URL:http://secunia.com/advisories/36035 SECUNIA:37471 URL:http://secunia.com/advisories/37471 SECUNIA:39334 URL:http://secunia.com/advisories/39334 VUPEN:ADV-2009-2036 URL:http://www.vupen.com/english/advisories/2009/2036 VUPEN:ADV-2009-2088 URL:http://www.vupen.com/english/advisories/2009/2088 VUPEN:ADV-2009-2171 URL:http://www.vupen.com/english/advisories/2009/2171 VUPEN:ADV-2009-2247 URL:http://www.vupen.com/english/advisories/2009/2247 VUPEN:ADV-2009-3316 URL:http://www.vupen.com/english/advisories/2009/3316
Assigning CNA
N/A
Date Entry Created
20090222	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090222)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us