Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-0696

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

Published

2009-07-29T17:30:00.920

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-16

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	9.4	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.0	Yes
Application	isc	bind	9.4.1	Yes
Application	isc	bind	9.4.2	Yes
Application	isc	bind	9.4.2	Yes
Application	isc	bind	9.4.2	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.4.3	Yes
Application	isc	bind	9.5	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.5.0	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.0	Yes
Application	isc	bind	9.6.1	Yes
Application	isc	bind	9.6.1	Yes

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc ([email protected])
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt ([email protected])
http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 ([email protected])
http://secunia.com/advisories/36035 ([email protected])
http://secunia.com/advisories/36038 ([email protected])
http://secunia.com/advisories/36050 ([email protected])
http://secunia.com/advisories/36053 ([email protected])
http://secunia.com/advisories/36056 ([email protected])
http://secunia.com/advisories/36063 ([email protected])
http://secunia.com/advisories/36086 ([email protected])
http://secunia.com/advisories/36098 ([email protected])
http://secunia.com/advisories/36192 ([email protected])
http://secunia.com/advisories/37471 ([email protected])
http://secunia.com/advisories/39334 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1 ([email protected])
http://up2date.astaro.com/2009/08/up2date_7505_released.html ([email protected])
http://wiki.rpath.com/Advisories:rPSA-2009-0113 ([email protected])
http://www.kb.cert.org/vuls/id/725188 US Government Resource ([email protected])
http://www.openbsd.org/errata44.html#014_bind ([email protected])
http://www.securityfocus.com/archive/1/505403/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/507985/100/0/threaded ([email protected])
http://www.securitytracker.com/id?1022613 ([email protected])
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499 ([email protected])
http://www.ubuntu.com/usn/usn-808-1 ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0016.html ([email protected])
http://www.vupen.com/english/advisories/2009/2036 ([email protected])
http://www.vupen.com/english/advisories/2009/2088 ([email protected])
http://www.vupen.com/english/advisories/2009/2171 ([email protected])
http://www.vupen.com/english/advisories/2009/2247 ([email protected])
http://www.vupen.com/english/advisories/2009/3316 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806 ([email protected])
https://www.isc.org/node/474 Patch, Vendor Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html ([email protected])
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc (af854a3a-2127-422b-91ae-364da2661108)
ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt (af854a3a-2127-422b-91ae-364da2661108)
http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36035 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36038 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36050 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36053 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36056 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36063 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36086 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36098 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36192 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37471 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39334 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1 (af854a3a-2127-422b-91ae-364da2661108)
http://up2date.astaro.com/2009/08/up2date_7505_released.html (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/Advisories:rPSA-2009-0113 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/725188 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata44.html#014_bind (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/505403/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507985/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1022613 (af854a3a-2127-422b-91ae-364da2661108)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-808-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0016.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2036 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2088 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2171 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2247 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3316 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806 (af854a3a-2127-422b-91ae-364da2661108)
https://www.isc.org/node/474 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html (af854a3a-2127-422b-91ae-364da2661108)