ID CVE-2007-0493
Summary Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2013-04-29T04:20:42.086-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
family unix
id oval:org.mitre.oval:def:9614
status accepted
submitted 2010-07-09T03:56:16-04:00
title Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
version 18
redhat via4
advisories
rhsa
id RHSA-2007:0057
rpms
  • bind-30:9.3.3-8.el5
  • bind-chroot-30:9.3.3-8.el5
  • bind-devel-30:9.3.3-8.el5
  • bind-libbind-devel-30:9.3.3-8.el5
  • bind-libs-30:9.3.3-8.el5
  • bind-sdb-30:9.3.3-8.el5
  • bind-utils-30:9.3.3-8.el5
  • caching-nameserver-30:9.3.3-8.el5
refmap via4
apple APPLE-SA-2007-05-24
bid 22229
bugtraq 20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
confirm
fedora
  • FEDORA-2007-147
  • FEDORA-2007-164
freebsd FreeBSD-SA-07:02
fulldisc 20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
gentoo GLSA-200702-06
hp
  • HPSBTU02207
  • HPSBUX02219
  • SSRT061213
  • SSRT061239
  • SSRT061273
  • SSRT071304
mandriva MDKSA-2007:030
mlist [bind-announce] 20070125 Internet Systems Consortium Security Advisory.
netbsd NetBSD-SA2007-003
openpkg OpenPKG-SA-2007.007
sectrack 1017561
secunia
  • 23904
  • 23924
  • 23943
  • 23972
  • 23974
  • 23977
  • 24014
  • 24048
  • 24054
  • 24129
  • 24203
  • 24930
  • 24950
  • 25402
  • 25649
slackware SSA:2007-026-01
suse SUSE-SA:2007:014
trustix 2007-0005
ubuntu USN-418-1
vupen
  • ADV-2007-0349
  • ADV-2007-1401
  • ADV-2007-1939
  • ADV-2007-2163
  • ADV-2007-2315
statements via4
contributor Joshua Bressers
lastmodified 2007-01-29
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 30-10-2018 - 16:27
Published 25-01-2007 - 20:28