CVE-2007-0494

Sažetak

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://docs.info.apple.com/article.html?artnum=305530
http://fedoranews.org/cms/node/2507
http://fedoranews.org/cms/node/2537
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
http://marc.info/?l=bind-announce&m=116968519300764&w=2
http://secunia.com/advisories/23904
http://secunia.com/advisories/23924
http://secunia.com/advisories/23943
http://secunia.com/advisories/23944
http://secunia.com/advisories/23972
http://secunia.com/advisories/23974
http://secunia.com/advisories/23977
http://secunia.com/advisories/24014
http://secunia.com/advisories/24048
http://secunia.com/advisories/24054
http://secunia.com/advisories/24083
http://secunia.com/advisories/24129
http://secunia.com/advisories/24203
http://secunia.com/advisories/24284
http://secunia.com/advisories/24648
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://secunia.com/advisories/25402
http://secunia.com/advisories/25482
http://secunia.com/advisories/25649
http://secunia.com/advisories/25715
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
http://security.gentoo.org/glsa/glsa-200702-06.xml
http://securitytracker.com/id?1017573
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm
http://www.debian.org/security/2007/dsa-1254
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
http://www.mandriva.com/security/advisories?name=MDKSA-2007:030
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
http://www.redhat.com/support/errata/RHSA-2007-0044.html
http://www.redhat.com/support/errata/RHSA-2007-0057.html
http://www.securityfocus.com/bid/22231
http://www.trustix.org/errata/2007/0005
http://www.ubuntu.com/usn/usn-418-1
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/2002
http://www.vupen.com/english/advisories/2007/2163
http://www.vupen.com/english/advisories/2007/2245
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/3229
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324
https://exchange.xforce.ibmcloud.com/vulnerabilities/31838
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://issues.rpath.com/browse/RPL-989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:31

Objavljeno

25-01-2007 - 20:28