ID CVE-2007-2241
Summary Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. Successful exploitation requires that "recursion" is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
bid 23738
cert-vn VU#718460
confirm http://www.isc.org/index.pl?/sw/bind/bind-security.php
mandriva MDKSA-2007:100
osvdb 34748
sectrack 1017985
secunia 25070
vupen ADV-2007-1593
xf bind-queryaddsoa-dos(33988)
statements via4
contributor Mark J Cox
lastmodified 2007-05-03
organization Red Hat
statement Not vulnerable. These issues did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 30-10-2018 - 16:27
Published 02-05-2007 - 10:19