ID CVE-2006-4095
Summary BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
apple APPLE-SA-2007-05-24
bid 19859
bugtraq 20060908 rPSA-2006-0166-1 bind bind-utils
cert-vn VU#915404
confirm
debian DSA-1172
freebsd FreeBSD-SA-06:20.bind
gentoo GLSA-200609-11
hp
  • HPSBTU02207
  • SSRT061213
  • SSRT061239
  • SSRT071304
mandriva MDKSA-2006:163
misc http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
openbsd [3.9] 20060908 010: SECURITY FIX: September 8, 2006
openpkg OpenPKG-SA-2006.019
sectrack 1016794
secunia
  • 21752
  • 21786
  • 21816
  • 21818
  • 21828
  • 21835
  • 21838
  • 21912
  • 21926
  • 22298
  • 24950
  • 25402
slackware SSA:2006-257-01
suse
  • SUSE-SR:2006:023
  • SUSE-SR:2006:024
ubuntu USN-343-1
vupen
  • ADV-2006-3473
  • ADV-2007-1401
  • ADV-2007-1939
xf bind-dnssec-rrset-dos(28745)
statements via4
contributor Mark J Cox
lastmodified 2006-09-06
organization Red Hat
statement Not Vulnerable. The version of BIND that ships with Red Hat Enterprise Linux is not vulnerable to this issue as it does not handle signed RR records.
Last major update 17-10-2018 - 21:33
Published 06-09-2006 - 00:04
Last modified 17-10-2018 - 21:33