CVE - CVE-2009-0696

CVE-ID
CVE-2009-0696	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090729 rPSA-2009-0113-1 bind bind-utils URL:http://www.securityfocus.com/archive/1/archive/1/505403/100/0/threaded BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded CONFIRM:https://www.isc.org/node/474 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0113 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 CONFIRM:http://up2date.astaro.com/2009/08/up2date_7505_released.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html CONFIRM:ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt FEDORA:FEDORA-2009-8119 URL:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html NETBSD:NetBSD-SA2009-013 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc OPENBSD:[4.4] 014: RELIABILITY FIX: July 29, 2009 URL:http://www.openbsd.org/errata44.html#014_bind SLACKWARE:SSA:2009-210-01 URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499 SUNALERT:264828 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1 SUNALERT:1020788 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1 UBUNTU:USN-808-1 URL:http://www.ubuntu.com/usn/usn-808-1 CERT-VN:VU#725188 URL:http://www.kb.cert.org/vuls/id/725188 OVAL:oval:org.mitre.oval:def:10414 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414 OVAL:oval:org.mitre.oval:def:7806 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806 OVAL:oval:org.mitre.oval:def:12245 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245 SECTRACK:1022613 URL:http://www.securitytracker.com/id?1022613 SECUNIA:36053 URL:http://secunia.com/advisories/36053 SECUNIA:36038 URL:http://secunia.com/advisories/36038 SECUNIA:36050 URL:http://secunia.com/advisories/36050 SECUNIA:36056 URL:http://secunia.com/advisories/36056 SECUNIA:36063 URL:http://secunia.com/advisories/36063 SECUNIA:36086 URL:http://secunia.com/advisories/36086 SECUNIA:36098 URL:http://secunia.com/advisories/36098 SECUNIA:36192 URL:http://secunia.com/advisories/36192 SECUNIA:36035 URL:http://secunia.com/advisories/36035 SECUNIA:37471 URL:http://secunia.com/advisories/37471 SECUNIA:39334 URL:http://secunia.com/advisories/39334 VUPEN:ADV-2009-2036 URL:http://www.vupen.com/english/advisories/2009/2036 VUPEN:ADV-2009-2088 URL:http://www.vupen.com/english/advisories/2009/2088 VUPEN:ADV-2009-2171 URL:http://www.vupen.com/english/advisories/2009/2171 VUPEN:ADV-2009-2247 URL:http://www.vupen.com/english/advisories/2009/2247 VUPEN:ADV-2009-3316 URL:http://www.vupen.com/english/advisories/2009/3316
Assigning CNA
N/A
Date Entry Created
20090222	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090222)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Contact Us | Terms of Use | Privacy Policy | Site Map | Search this Site

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.