CVE-2007-0493 - Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4

CVE-2007-0493

Summary

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 13-02-2023 - 02:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

oval via4

accepted

2013-04-29T04:20:42.086-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9614

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2007:0057

rpms

bind-30:9.3.3-8.el5
bind-chroot-30:9.3.3-8.el5
bind-debuginfo-30:9.3.3-8.el5
bind-devel-30:9.3.3-8.el5
bind-libbind-devel-30:9.3.3-8.el5
bind-libs-30:9.3.3-8.el5
bind-sdb-30:9.3.3-8.el5
bind-utils-30:9.3.3-8.el5
caching-nameserver-30:9.3.3-8.el5

refmap via4

apple	APPLE-SA-2007-05-24
bid	22229
bugtraq	20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
confirm	http://docs.info.apple.com/article.html?artnum=305530 http://www.isc.org/index.pl?/sw/bind/bind-security.php http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8 http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 https://issues.rpath.com/browse/RPL-989
fedora	FEDORA-2007-147 FEDORA-2007-164
freebsd	FreeBSD-SA-07:02
fulldisc	20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
gentoo	GLSA-200702-06
hp	HPSBTU02207 HPSBUX02219 SSRT061213 SSRT061239 SSRT061273 SSRT071304
mandriva	MDKSA-2007:030
mlist	[bind-announce] 20070125 Internet Systems Consortium Security Advisory.
netbsd	NetBSD-SA2007-003
openpkg	OpenPKG-SA-2007.007
sectrack	1017561
secunia	23904 23924 23943 23972 23974 23977 24014 24048 24054 24129 24203 24930 24950 25402 25649
slackware	SSA:2007-026-01
suse	SUSE-SA:2007:014
trustix	2007-0005
ubuntu	USN-418-1
vupen	ADV-2007-0349 ADV-2007-1401 ADV-2007-1939 ADV-2007-2163 ADV-2007-2315

statements via4

contributor	Joshua Bressers
lastmodified	2007-01-29
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.

Last major update

13-02-2023 - 02:17

Published

25-01-2007 - 20:28

Last modified

13-02-2023 - 02:17