ID CVE-2007-0494
Summary ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
Vulnerable Configurations
  • ISC BIND 9.0
    cpe:2.3:a:isc:bind:9.0
  • ISC BIND 9.0.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.0.0:rc1
  • ISC BIND 9.0.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.0.0:rc2
  • ISC BIND 9.0.0 Release Candidate 3
    cpe:2.3:a:isc:bind:9.0.0:rc3
  • ISC BIND 9.0.0 Release Candidate 4
    cpe:2.3:a:isc:bind:9.0.0:rc4
  • ISC BIND 9.0.0 Release Candidate 5
    cpe:2.3:a:isc:bind:9.0.0:rc5
  • ISC BIND 9.0.0 Release Candidate 6
    cpe:2.3:a:isc:bind:9.0.0:rc6
  • ISC BIND 9.0.1
    cpe:2.3:a:isc:bind:9.0.1
  • ISC BIND 9.0.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.0.1:rc1
  • ISC BIND 9.0.1 Release Candidate 2
    cpe:2.3:a:isc:bind:9.0.1:rc2
  • ISC BIND 9.1
    cpe:2.3:a:isc:bind:9.1
  • ISC BIND 9.1.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.0:rc1
  • ISC BIND 9.1.1
    cpe:2.3:a:isc:bind:9.1.1
  • ISC BIND 9.1.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.1:rc1
  • ISC BIND 9.1.1 Release Candidate 2
    cpe:2.3:a:isc:bind:9.1.1:rc2
  • ISC BIND 9.1.1 Release Candidate 3
    cpe:2.3:a:isc:bind:9.1.1:rc3
  • ISC BIND 9.1.1 Release Candidate 4
    cpe:2.3:a:isc:bind:9.1.1:rc4
  • ISC BIND 9.1.1 Release Candidate 5
    cpe:2.3:a:isc:bind:9.1.1:rc5
  • ISC BIND 9.1.1 Release Candidate 6
    cpe:2.3:a:isc:bind:9.1.1:rc6
  • ISC BIND 9.1.1 Release Candidate 7
    cpe:2.3:a:isc:bind:9.1.1:rc7
  • ISC BIND 9.1.2
    cpe:2.3:a:isc:bind:9.1.2
  • ISC BIND 9.1.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.2:rc1
  • ISC BIND 9.1.3
    cpe:2.3:a:isc:bind:9.1.3
  • ISC BIND 9.1.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.1.3:rc1
  • ISC BIND 9.1.3 Release Candidate 2
    cpe:2.3:a:isc:bind:9.1.3:rc2
  • ISC BIND 9.1.3 Release Candidate 3
    cpe:2.3:a:isc:bind:9.1.3:rc3
  • ISC BIND 9.2
    cpe:2.3:a:isc:bind:9.2
  • ISC BIND 9.2.0
    cpe:2.3:a:isc:bind:9.2.0
  • ISC BIND 9.2.0 Alpha 1
    cpe:2.3:a:isc:bind:9.2.0:a1
  • ISC BIND 9.2.0 Alpha 2
    cpe:2.3:a:isc:bind:9.2.0:a2
  • ISC BIND 9.2.0 Alpha 3
    cpe:2.3:a:isc:bind:9.2.0:a3
  • ISC BIND 9.2.0 Beta 1
    cpe:2.3:a:isc:bind:9.2.0:b1
  • ISC BIND 9.2.0 Beta 2
    cpe:2.3:a:isc:bind:9.2.0:b2
  • ISC BIND 9.2.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.0:rc1
  • ISC BIND 9.2.0 Release Candidate 10
    cpe:2.3:a:isc:bind:9.2.0:rc10
  • ISC BIND 9.2.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.0:rc2
  • ISC BIND 9.2.0 Release Candidate 3
    cpe:2.3:a:isc:bind:9.2.0:rc3
  • ISC BIND 9.2.0 Release Candidate 4
    cpe:2.3:a:isc:bind:9.2.0:rc4
  • ISC BIND 9.2.0 Release Candidate 5
    cpe:2.3:a:isc:bind:9.2.0:rc5
  • ISC BIND 9.2.0 Release Candidate 6
    cpe:2.3:a:isc:bind:9.2.0:rc6
  • ISC BIND 9.2.0 Release Candidate 7
    cpe:2.3:a:isc:bind:9.2.0:rc7
  • ISC BIND 9.2.0 Release Candidate 8
    cpe:2.3:a:isc:bind:9.2.0:rc8
  • ISC BIND 9.2.0 Release Candidate 9
    cpe:2.3:a:isc:bind:9.2.0:rc9
  • ISC BIND 9.2.1
    cpe:2.3:a:isc:bind:9.2.1
  • ISC BIND 9.2.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.1:rc1
  • ISC BIND 9.2.1 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.1:rc2
  • ISC BIND 9.2.2
    cpe:2.3:a:isc:bind:9.2.2
  • ISC BIND 9.2.2 Patch 2
    cpe:2.3:a:isc:bind:9.2.2:p2
  • ISC BIND 9.2.2 P3
    cpe:2.3:a:isc:bind:9.2.2:p3
  • ISC BIND 9.2.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.2:rc1
  • ISC BIND 9.2.3
    cpe:2.3:a:isc:bind:9.2.3
  • ISC BIND 9.2.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.3:rc1
  • ISC BIND 9.2.3 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.3:rc2
  • ISC BIND 9.2.3 Release Candidate 3
    cpe:2.3:a:isc:bind:9.2.3:rc3
  • ISC BIND 9.2.3 Release Candidate 4
    cpe:2.3:a:isc:bind:9.2.3:rc4
  • ISC BIND 9.2.4
    cpe:2.3:a:isc:bind:9.2.4
  • ISC BIND 9.2.4 Release Candidate 2
    cpe:2.3:a:isc:bind:9.2.4:rc2
  • ISC BIND 9.2.4 Release Candidate 3
    cpe:2.3:a:isc:bind:9.2.4:rc3
  • ISC BIND 9.2.4 Release Candidate 4
    cpe:2.3:a:isc:bind:9.2.4:rc4
  • ISC BIND 9.2.4 Release Candidate 5
    cpe:2.3:a:isc:bind:9.2.4:rc5
  • ISC BIND 9.2.4 Release Candidate 6
    cpe:2.3:a:isc:bind:9.2.4:rc6
  • ISC BIND 9.2.4 Release Candidate 7
    cpe:2.3:a:isc:bind:9.2.4:rc7
  • ISC BIND 9.2.4 Release Candidate 8
    cpe:2.3:a:isc:bind:9.2.4:rc8
  • ISC BIND 9.2.5
    cpe:2.3:a:isc:bind:9.2.5
  • ISC BIND 9.2.5 Beta 2
    cpe:2.3:a:isc:bind:9.2.5:b2
  • ISC BIND 9.2.5 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.5:rc1
  • ISC BIND 9.2.6
    cpe:2.3:a:isc:bind:9.2.6
  • ISC BIND 9.2.6 Release Candidate 1
    cpe:2.3:a:isc:bind:9.2.6:rc1
  • ISC BIND 9.3
    cpe:2.3:a:isc:bind:9.3
  • ISC BIND 9.3.0
    cpe:2.3:a:isc:bind:9.3.0
  • ISC BIND 9.3.0 Beta 2
    cpe:2.3:a:isc:bind:9.3.0:b2
  • ISC BIND 9.3.0 Beta 3
    cpe:2.3:a:isc:bind:9.3.0:b3
  • ISC BIND 9.3.0 Beta 4
    cpe:2.3:a:isc:bind:9.3.0:b4
  • ISC BIND 9.3.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.0:rc1
  • ISC BIND 9.3.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.3.0:rc2
  • ISC BIND 9.3.0 Release Candidate 3
    cpe:2.3:a:isc:bind:9.3.0:rc3
  • ISC BIND 9.3.0 Release Candidate 4
    cpe:2.3:a:isc:bind:9.3.0:rc4
  • ISC BIND 9.3.1
    cpe:2.3:a:isc:bind:9.3.1
  • ISC BIND 9.3.1 Beta 2
    cpe:2.3:a:isc:bind:9.3.1:b2
  • ISC BIND 9.3.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.1:rc1
  • ISC BIND 9.3.2
    cpe:2.3:a:isc:bind:9.3.2
  • ISC BIND 9.3.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.3.2:rc1
  • ISC BIND 9.4.0 Alpha 1
    cpe:2.3:a:isc:bind:9.4.0:a1
  • ISC BIND 9.4.0 Alpha 2
    cpe:2.3:a:isc:bind:9.4.0:a2
  • ISC BIND 9.4.0 Alpha 3
    cpe:2.3:a:isc:bind:9.4.0:a3
  • ISC BIND 9.4.0 Alpha 4
    cpe:2.3:a:isc:bind:9.4.0:a4
  • ISC BIND 9.4.0 Alpha 5
    cpe:2.3:a:isc:bind:9.4.0:a5
  • ISC BIND 9.4.0 Beta 1
    cpe:2.3:a:isc:bind:9.4.0:b1
  • ISC BIND 9.4.0 Beta 2
    cpe:2.3:a:isc:bind:9.4.0:b2
  • ISC BIND 9.4.0 Beta 3
    cpe:2.3:a:isc:bind:9.4.0:b3
  • ISC BIND 9.4.0rc1
    cpe:2.3:a:isc:bind:9.4.0:rc1
  • ISC BIND 9.5.0 Alpha 1
    cpe:2.3:a:isc:bind:9.5.0:a1
CVSS
Base: 4.3 (as of 24-08-2016 - 10:05)
CWE CWE-19
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0044.NASL
    description From Red Hat Security Advisory 2007:0044 : Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) For users of Red Hat Enterprise Linux 3, the previous BIND update caused an incompatible change to the default configuration that resulted in rndc not sharing the key with the named daemon. This update corrects this bug and restores the behavior prior to that update. Updating the bind package in Red Hat Enterprise Linux 3 could result in nonfunctional configuration in case the bind-libs package was not updated. This update corrects this bug by adding the correct dependency on bind-libs. Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67444
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67444
    title Oracle Linux 3 / 4 : bind (ELSA-2007-0044)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35920.NASL
    description s700_800 11.23 Bind 9.2.0 components : Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). References: CVE-2006-4339, CVE-2007-0493 (BIND v9.3.2 only), CVE-2007-0494.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26138
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26138
    title HP-UX PHNE_35920 : HP-UX Running BIND, Remote Denial of Service (DoS) (HPSBUX02219 SSRT061273 rev.1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-164.NASL
    description Fixed two security bugs - DNSSEC denial of service - BIND might crash after attempting to read free()-ed memory and some common bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24300
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24300
    title Fedora Core 5 : bind-9.3.4-1.fc5 (2007-164)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0044.NASL
    description Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) For users of Red Hat Enterprise Linux 3, the previous BIND update caused an incompatible change to the default configuration that resulted in rndc not sharing the key with the named daemon. This update corrects this bug and restores the behavior prior to that update. Updating the bind package in Red Hat Enterprise Linux 3 could result in nonfunctional configuration in case the bind-libs package was not updated. This update corrects this bug by adding the correct dependency on bind-libs. Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 24318
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24318
    title RHEL 2.1 / 3 / 4 : bind (RHSA-2007:0044)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-005.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25297
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25297
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-147.NASL
    description Updated to version 9.3.4 which contains two security bugfixes - Serialise validation of type ANY responses. [RT #16555] - It was possible to dereference a freed fetch context. [RT #16584] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 24299
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24299
    title Fedora Core 6 : bind-9.3.4-1.fc6 (2007-147)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-418-1.NASL
    description A flaw was discovered in Bind's DNSSEC validation code. Remote attackers could send a specially crafted DNS query which would cause the Bind server to crash, resulting in a denial of service. Only servers configured to use DNSSEC extensions were vulnerable. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28010
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28010
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : bind9 vulnerabilities (USN-418-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0044.NASL
    description Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) For users of Red Hat Enterprise Linux 3, the previous BIND update caused an incompatible change to the default configuration that resulted in rndc not sharing the key with the named daemon. This update corrects this bug and restores the behavior prior to that update. Updating the bind package in Red Hat Enterprise Linux 3 could result in nonfunctional configuration in case the bind-libs package was not updated. This update corrects this bug by adding the correct dependency on bind-libs. Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24289
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24289
    title CentOS 3 / 4 : bind (CESA-2007:0044)
  • NASL family DNS
    NASL id BIND9_DOS4.NASL
    description The version of BIND installed on the remote host suggests that it suffers from a denial of service vulnerability that could be triggered by sending a large volume of recursive queries that return multiple RRsets in the answer section, triggering assertion checks. To be vulnerable you need to have enabled DNSSEC validation in named.conf by specifying trusted-keys. Note that Nessus obtained the version by sending a special DNS request for the text 'version.bind' in the domain 'chaos', the value of which can be and sometimes is tweaked by DNS administrators.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 17840
    published 2012-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17840
    title ISC BIND Crafted ANY Request Response Multiple RRsets DoS
  • NASL family AIX Local Security Checks
    NASL id AIX_U803849.NASL
    description The remote host is missing AIX PTF U803849, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 65277
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65277
    title AIX 5.2 TL 10 : bos.net.tcp.client (U803849)
  • NASL family AIX Local Security Checks
    NASL id AIX_U804534.NASL
    description The remote host is missing AIX PTF U804534, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 65283
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65283
    title AIX 5.3 TL 7 : bos.net.tcp.client (U804534)
  • NASL family AIX Local Security Checks
    NASL id AIX_U800591.NASL
    description The remote host is missing AIX PTF U800591, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 65266
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65266
    title AIX 5.3 TL 6 : bos.net.tcp.client (U800591)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3CB6F059C69D11DB9F82000E0C2E438A.NASL
    description A type * (ANY) query response containing multiple RRsets can trigger an assertion failure. Certain recursive queries can cause the nameserver to crash by using memory which has already been freed. Impact : A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service. A remote attacker sending recursive queries can cause the nameserver to crash, resulting in a Denial of Service. Workaround : There is no workaround available, but systems which are not authoritative servers for DNSSEC signed zones are not affected by the first issue; and systems which do not permit untrusted users to perform recursive DNS resolution are not affected by the second issue. Note that the default configuration for named(8) in FreeBSD allows local access only (which on many systems is equivalent to refusing access to untrusted users).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24730
    published 2007-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24730
    title FreeBSD : bind -- Multiple Denial of Service vulnerabilities (3cb6f059-c69d-11db-9f82-000e0c2e438a)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-030.NASL
    description Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to 'dereference a freed fetch context.' (CVE-2007-0493) ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error. (CVE-2007-0494) The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24643
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24643
    title Mandrake Linux Security Advisory : bind (MDKSA-2007:030)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1254.NASL
    description It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 24293
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24293
    title Debian DSA-1254-1 : bind9 - insufficient input sanitising
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2007-0006.NASL
    description Problems addressed by these patches : I Arbitrary code execution and denial of service vulnerabilities This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. (CVE-2007-4496) This release fixes a denial of service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or exit unexpectedly. (CVE-2007-4497) Thanks to Rafal Wojtczvk of McAfee for identifying and reporting these issues. II Hosted products DHCP security vulnerabilities addressed This release fixes several vulnerabilities in the DHCP server that could enable specially crafted packets to gain system-level privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities. III Windows based hosted product vulnerability in IntraProcessLogging.dll and vielib.dll. This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system. (CVE-2007-4059) This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system. (CVE-2007-4155) Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities. IV Escalation of privileges on Windows hosted systems This release fixes a security vulnerability in which Workstation was starting registered Windows services in an insecure manner. This vulnerability could allow a malicious user to escalate user privileges. Thanks to Foundstone for discovering this vulnerability. V Potential denial of service using VMware Player This release fixes a problem that prevented VMware Player from launching. 
This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. VI ESX Service Console updates a. Service console package Samba, has been updated to address the following issues : Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446) Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated, user could have triggered this flaw and executed arbitrary code on the server. Additionally, this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default username map script option. (CVE-2007-2447) Thanks to the Samba developers, TippingPoint, and iDefense for identifying and reporting these issues. Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 b. Updated bind package for the service console fixes a flaw with the way ISC BIND processed certain DNS query responses. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Under some circumstances, a malicious remote user could launch a Denial-of-Service attack on ESX Server hosts that had enabled DNSSEC validation. (CVE-2007-0494) Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 c. This patch provides updated service console package krb5 update. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798 to these security issues. Thanks to Wei Wang of McAfee Avert Labs for discovering these vulnerabilities. Note: The VMware service console does not provide the kadmind binary, and is not affected by these issues, but an update has been provided for completeness. d. Service console update for vixie-cron This patch provides an updated service console package vixie-cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A denial of service issue was found in the way vixie-cron verified crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could potentially prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) Thanks to Raphael Marichez for identifying this issue. e. Service console update for shadow-utils This patch provides an updated shadow-utils package. A new user's mailbox, when created, could have random permissions for a short period. This could enable a local malicious user to read or modify the mailbox. (CVE-2006-1174) f. Service console update for OpenLDAP This patch provides an updated OpenLDAP package. A flaw could allow users with selfwrite access to modify the distinguished name of any user, instead of being limited to modify only their own distinguished name. (CVE-2006-4600) g. Service console update for PAM This patch provides an updated PAM package. A vulnerability was found that could allow console users with access to certain device files to cause damage to recordable CD drives. Certain file permissions have now been modified to disallow access. (CVE-2004-0813) A flaw was found with console device permissions. It was possible for various console devices to retain ownership of the previous console user after logging out, which could result in leakage of information to an unauthorized user. (CVE-2007-1716) h. 
Service console update for GCC This patch provides security fixes for the service console GNU Compiler Collection (GCC) packages that include C, C++, Java, Fortran 77, Objective C, and Ada 95 GNU compilers and related support libraries. A flaw was found in the fastjar utility that could potentially allow a malicious user to create a JAR file which, if unpacked using fastjar, could write to any file that an authorized user had write access to. (CVE-2006-3619) Thanks to Jürgen Weigert for identifying this issue. i. Service Console update for GDB This patch provides a security fix for the service console GNU debugger (GDB). Various vulnerabilities were found in GDB. These vulnerabilities may allow a malicious user to deceive a user into loading debugging information into GDB, enabling the execution of arbitrary code with the privileges of the user. (CVE-2006-4146)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40370
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40370
    title VMSA-2007-0006 : Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200702-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200702-06 (BIND: Denial of Service) An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to type ANY queries with multiple RRsets. Impact : A remote attacker could crash the server through unspecified vectors or, if DNSSEC validation is enabled, by sending certain crafted ANY queries. Workaround : There is no known workaround at this time for the first issue. The DNSSEC validation Denial of Service can be prevented by disabling DNSSEC validation until the upgrade to a fixed version. Note that DNSSEC validation is disabled on a default configuration.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 24367
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24367
    title GLSA-200702-06 : BIND: Denial of Service
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0057.NASL
    description From Red Hat Security Advisory 2007:0057 : Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service. (CVE-2007-0493) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67445
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67445
    title Oracle Linux 5 : bind (ELSA-2007-0057)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0057.NASL
    description Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service. (CVE-2007-0493) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 25313
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25313
    title RHEL 5 : bind (RHSA-2007:0057)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-026-01.NASL
    description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix denial of service security issues. Versions of bind-9.2.x older than bind-9.2.8, and versions of bind-9.3.x older than 9.3.4 can be made to crash with malformed local or remote data.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 24667
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24667
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-026-01)
oval via4
accepted 2013-04-29T04:14:34.492-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
family unix
id oval:org.mitre.oval:def:11523
status accepted
submitted 2010-07-09T03:56:16-04:00
title ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
version 24
redhat via4
advisories
  • bugzilla
    id 225222
    title CVE-2007-0494 BIND dnssec denial of service
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-20.EL3
            oval oval:com.redhat.rhsa:tst:20070044002
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-20.EL3
            oval oval:com.redhat.rhsa:tst:20070044008
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-20.EL3
            oval oval:com.redhat.rhsa:tst:20070044004
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-20.EL3
            oval oval:com.redhat.rhsa:tst:20070044006
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-20.EL3
            oval oval:com.redhat.rhsa:tst:20070044010
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-24.EL4
            oval oval:com.redhat.rhsa:tst:20070044013
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-24.EL4
            oval oval:com.redhat.rhsa:tst:20070044014
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-24.EL4
            oval oval:com.redhat.rhsa:tst:20070044015
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-24.EL4
            oval oval:com.redhat.rhsa:tst:20070044017
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-24.EL4
            oval oval:com.redhat.rhsa:tst:20070044016
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
    rhsa
    id RHSA-2007:0044
    released 2007-02-06
    severity Moderate
    title RHSA-2007:0044: bind security update (Moderate)
  • bugzilla
    id 225229
    title CVE-2007-0494 BIND dnssec denial of service
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment bind is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057002
        • comment bind is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057003
      • AND
        • comment bind-chroot is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057004
        • comment bind-chroot is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057005
      • AND
        • comment bind-devel is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057006
        • comment bind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057007
      • AND
        • comment bind-libbind-devel is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057014
        • comment bind-libbind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057015
      • AND
        • comment bind-libs is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057016
        • comment bind-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057017
      • AND
        • comment bind-sdb is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057008
        • comment bind-sdb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057009
      • AND
        • comment bind-utils is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057010
        • comment bind-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057011
      • AND
        • comment caching-nameserver is earlier than 30:9.3.3-8.el5
          oval oval:com.redhat.rhsa:tst:20070057012
        • comment caching-nameserver is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057013
    rhsa
    id RHSA-2007:0057
    released 2007-03-14
    severity Moderate
    title RHSA-2007:0057: bind security update (Moderate)
rpms
  • bind-20:9.2.4-20.EL3
  • bind-chroot-20:9.2.4-20.EL3
  • bind-devel-20:9.2.4-20.EL3
  • bind-libs-20:9.2.4-20.EL3
  • bind-utils-20:9.2.4-20.EL3
  • bind-20:9.2.4-24.EL4
  • bind-chroot-20:9.2.4-24.EL4
  • bind-devel-20:9.2.4-24.EL4
  • bind-libs-20:9.2.4-24.EL4
  • bind-utils-20:9.2.4-24.EL4
  • bind-30:9.3.3-8.el5
  • bind-chroot-30:9.3.3-8.el5
  • bind-devel-30:9.3.3-8.el5
  • bind-libbind-devel-30:9.3.3-8.el5
  • bind-libs-30:9.3.3-8.el5
  • bind-sdb-30:9.3.3-8.el5
  • bind-utils-30:9.3.3-8.el5
  • caching-nameserver-30:9.3.3-8.el5
refmap via4
aixapar
  • IY95618
  • IY95619
  • IY96144
  • IY96324
apple APPLE-SA-2007-05-24
bid 22231
confirm
debian DSA-1254
fedora
  • FEDORA-2007-147
  • FEDORA-2007-164
freebsd FreeBSD-SA-07:02
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo GLSA-200702-06
hp
  • HPSBTU02207
  • HPSBUX02219
  • SSRT061213
  • SSRT061239
  • SSRT061273
  • SSRT071304
mandriva MDKSA-2007:030
mlist [bind-announce] 20070125 Internet Systems Consortium Security Advisory.
netbsd NetBSD-SA2007-003
openpkg OpenPKG-SA-2007.007
sectrack 1017573
secunia
  • 23904
  • 23924
  • 23943
  • 23944
  • 23972
  • 23974
  • 23977
  • 24014
  • 24048
  • 24054
  • 24083
  • 24129
  • 24203
  • 24284
  • 24648
  • 24930
  • 24950
  • 25402
  • 25482
  • 25649
  • 25715
  • 26909
  • 27706
sgi 20070201-01-P
slackware SSA:2007-026-01
sunalert 102969
suse SUSE-SA:2007:014
trustix 2007-0005
ubuntu USN-418-1
vupen
  • ADV-2007-1401
  • ADV-2007-1939
  • ADV-2007-2002
  • ADV-2007-2163
  • ADV-2007-2245
  • ADV-2007-2315
  • ADV-2007-3229
xf bind-rrsets-dos(31838)
Last major update 06-12-2016 - 21:59
Published 25-01-2007 - 15:28
Last modified 10-10-2017 - 21:31