ID CVE-2007-0493
Summary Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
References
Vulnerable Configurations
  • ISC BIND 9.3.0
    cpe:2.3:a:isc:bind:9.3.0
  • ISC BIND 9.3.1
    cpe:2.3:a:isc:bind:9.3.1
  • ISC BIND 9.3.2
    cpe:2.3:a:isc:bind:9.3.2
  • ISC BIND 9.4.0
    cpe:2.3:a:isc:bind:9.4.0
  • ISC BIND 9.4.0rc1
    cpe:2.3:a:isc:bind:9.4.0:rc1
  • ISC BIND 9.5.0
    cpe:2.3:a:isc:bind:9.5.0
CVSS
Base: 7.8 (as of 24-08-2016 - 10:05)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
nessus via4
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35920.NASL
    description s700_800 11.23 Bind 9.2.0 components : Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). References: CVE-2006-4339, CVE-2007-0493 (BIND v9.3.2 only), CVE-2007-0494.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26138
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26138
    title HP-UX PHNE_35920 : HP-UX Running BIND, Remote Denial of Service (DoS) (HPSBUX02219 SSRT061273 rev.1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-164.NASL
    description Fixed two security bugs - DNSSEC denial of service - BIND might crash after attempting to read free()-ed memory and some common bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24300
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24300
    title Fedora Core 5 : bind-9.3.4-1.fc5 (2007-164)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-005.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications: Alias Manager, BIND, CoreGraphics, crontabs, fetchmail, file, iChat, mDNSResponder, PPP, ruby, screen, texinfo, VPN.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25297
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25297
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-147.NASL
    description Updated to version 9.3.4 which contains two security bugfixes - Serialise validation of type ANY responses. [RT #16555] - It was possible to dereference a freed fetch context. [RT #16584] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24299
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24299
    title Fedora Core 6 : bind-9.3.4-1.fc6 (2007-147)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-418-1.NASL
    description A flaw was discovered in Bind's DNSSEC validation code. Remote attackers could send a specially crafted DNS query which would cause the Bind server to crash, resulting in a denial of service. Only servers configured to use DNSSEC extensions were vulnerable. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28010
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28010
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : bind9 vulnerabilities (USN-418-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3CB6F059C69D11DB9F82000E0C2E438A.NASL
    description A type * (ANY) query response containing multiple RRsets can trigger an assertion failure. Certain recursive queries can cause the nameserver to crash by using memory which has already been freed. Impact : A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service. A remote attacker sending recursive queries can cause the nameserver to crash, resulting in a Denial of Service. Workaround : There is no workaround available, but systems which are not authoritative servers for DNSSEC signed zones are not affected by the first issue; and systems which do not permit untrusted users to perform recursive DNS resolution are not affected by the second issue. Note that the default configuration for named(8) in FreeBSD allows local access only (which on many systems is equivalent to refusing access to untrusted users).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24730
    published 2007-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24730
    title FreeBSD : bind -- Multiple Denial of Service vulnerabilities (3cb6f059-c69d-11db-9f82-000e0c2e438a)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-030.NASL
    description Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to 'dereference a freed fetch context.' (CVE-2007-0493) ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error. (CVE-2007-0494) The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24643
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24643
    title Mandrake Linux Security Advisory : bind (MDKSA-2007:030)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1254.NASL
    description It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 24293
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24293
    title Debian DSA-1254-1 : bind9 - insufficient input sanitising
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200702-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200702-06 (BIND: Denial of Service) An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to type ANY queries with multiple RRsets. Impact : A remote attacker could crash the server through unspecified vectors or, if DNSSEC validation is enabled, by sending certain crafted ANY queries. Workaround : There is no known workaround at this time for the first issue. The DNSSEC validation Denial of Service can be prevented by disabling DNSSEC validation until the upgrade to a fixed version. Note that DNSSEC validation is disabled on a default configuration.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 24367
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24367
    title GLSA-200702-06 : BIND: Denial of Service
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0057.NASL
    description From Red Hat Security Advisory 2007:0057 : Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service. (CVE-2007-0493) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67445
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67445
    title Oracle Linux 5 : bind (ELSA-2007-0057)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0057.NASL
    description Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service. (CVE-2007-0493) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 25313
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25313
    title RHEL 5 : bind (RHSA-2007:0057)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-026-01.NASL
    description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix denial of service security issues. Versions of bind-9.2.x older than bind-9.2.8, and versions of bind-9.3.x older than 9.3.4 can be made to crash with malformed local or remote data.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 24667
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24667
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-026-01)
oval via4
accepted 2013-04-29T04:20:42.086-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
family unix
id oval:org.mitre.oval:def:9614
status accepted
submitted 2010-07-09T03:56:16-04:00
title Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
version 18
redhat via4
advisories
rhsa
id RHSA-2007:0057
rpms
  • bind-30:9.3.3-8.el5
  • bind-chroot-30:9.3.3-8.el5
  • bind-devel-30:9.3.3-8.el5
  • bind-libbind-devel-30:9.3.3-8.el5
  • bind-libs-30:9.3.3-8.el5
  • bind-sdb-30:9.3.3-8.el5
  • bind-utils-30:9.3.3-8.el5
  • caching-nameserver-30:9.3.3-8.el5
refmap via4
apple APPLE-SA-2007-05-24
bid 22229
bugtraq 20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
confirm
fedora
  • FEDORA-2007-147
  • FEDORA-2007-164
freebsd FreeBSD-SA-07:02
fulldisc 20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
gentoo GLSA-200702-06
hp
  • HPSBTU02207
  • HPSBUX02219
  • SSRT061213
  • SSRT061239
  • SSRT061273
  • SSRT071304
mandriva MDKSA-2007:030
mlist [bind-announce] 20070125 Internet Systems Consortium Security Advisory.
netbsd NetBSD-SA2007-003
openpkg OpenPKG-SA-2007.007
sectrack 1017561
secunia
  • 23904
  • 23924
  • 23943
  • 23972
  • 23974
  • 23977
  • 24014
  • 24048
  • 24054
  • 24129
  • 24203
  • 24930
  • 24950
  • 25402
  • 25649
slackware SSA:2007-026-01
suse SUSE-SA:2007:014
trustix 2007-0005
ubuntu USN-418-1
vupen
  • ADV-2007-0349
  • ADV-2007-1401
  • ADV-2007-1939
  • ADV-2007-2163
  • ADV-2007-2315
statements via4
contributor Joshua Bressers
lastmodified 2007-01-29
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 06-12-2016 - 21:59
Published 25-01-2007 - 15:28
Last modified 30-10-2018 - 12:27