Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2009-0696

Published: 29/07/2009 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Bind

Vulnerability Summary

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 prior to 9.4.3-P3, 9.5 prior to 9.5.1-P3, and 9.6 prior to 9.6.1-P1, when configured as a master server, allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

Vulnerable Product Search on Vulmon Subscribe to Product

isc bind 9.6.1

isc bind 9.6

isc bind 9.6.0

isc bind 9.5.0

isc bind 9.4.3

isc bind 9.4.2

isc bind 9.4.0

isc bind 9.4

isc bind 9.5

isc bind 9.4.1

Vendor Advisories

Debian CVElist Bug Report Logs: bind9 dies with assertion failure (db.c:579)
Debian Bug report logs - #538975 bind9 dies with assertion failure (dbc:579) Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Source for bind9 is src:bind9 (PTS, buildd, popcon) Reported by: Micha Krause <debianbugs@norisnet> Date: Tue, 28 Jul 2009 09:30:02 UTC Severity: serio ...
Ubuntu Security Notice: bind9 vulnerability
Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service ...
Red Hat: Important: bind security and bug fix update
Synopsis Important: bind security and bug fix update Type/Severity Security Advisory: Important Topic Updated bind packages that fix a security issue and a bug are now availablefor Red Hat Enterprise Linux 3This update has been rated as having important security impact by the RedHat Security Response Team ...
Red Hat: Important: bind security and bug fix update
Synopsis Important: bind security and bug fix update Type/Severity Security Advisory: Important Topic Updated bind packages that fix a security issue and a bug are now availablefor Red Hat Enterprise Linux 4This update has been rated as having important security impact by the RedHat Security Response Team ...
Red Hat: Important: bind security update
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic Updated bind packages that fix a security issue are now available for RedHat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Security Response Team[Updated 29th July 200 ...
Debian Security Advisories: DSA-1847-1 bind9 -- improper assert
It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled The default Debian configuration for resolvers includes several authoritative zones, too, s ...

Exploits

Exploit DB: ISC BIND 9 - Remote Dynamic Update Message Denial of Service (PoC)
/* ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC "Based on: wwwsecurityfocuscom/data/vulnerabilities/exploits/35848txt by kingcope - this is basically a rewrite of the above, lame i know, but fun enough for the [zone] argument you can try what is in the namedconf with "type master" */ #include ...

References

CWE-16https://www.isc.org/node/474http://www.kb.cert.org/vuls/id/725188http://www.ubuntu.com/usn/usn-808-1http://www.openbsd.org/errata44.html#014_bindhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1http://secunia.com/advisories/36053http://www.securitytracker.com/id?1022613http://www.vupen.com/english/advisories/2009/2088http://www.vupen.com/english/advisories/2009/2036http://wiki.rpath.com/Advisories:rPSA-2009-0113http://secunia.com/advisories/36192http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975http://secunia.com/advisories/36086http://secunia.com/advisories/36098http://secunia.com/advisories/36056http://secunia.com/advisories/36038ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.aschttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499http://aix.software.ibm.com/aix/efixes/security/bind_advisory.aschttp://secunia.com/advisories/36063http://www.vupen.com/english/advisories/2009/2171http://secunia.com/advisories/36050https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.htmlhttp://secunia.com/advisories/36035http://up2date.astaro.com/2009/08/up2date_7505_released.htmlhttp://www.vupen.com/english/advisories/2009/2247http://www.vupen.com/english/advisories/2009/3316http://secunia.com/advisories/37471http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://secunia.com/advisories/39334ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txthttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414http://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/archive/1/505403/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975https://usn.ubuntu.com/808-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/9300/https://www.kb.cert.org/vuls/id/725188
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook