CVE-2009-0696

Published: Jul 29, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.

Affected (65)

Products: Isc: Bind

Isc

1 product

Bind

Configuration A

65 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	Version 9.4.0
Isc Bind	Version 9.4.0 a1
Isc Bind	Version 9.4.0 a2
Isc Bind	Version 9.4.0 a3
Isc Bind	Version 9.4.0 a4
Isc Bind	Version 9.4.0 a5
Isc Bind	Version 9.4.0 a6
Isc Bind	Version 9.4.0 b1
Isc Bind	Version 9.4.0 b2
Isc Bind	Version 9.4.0 b3
Isc Bind	Version 9.4.0 b4
Isc Bind	Version 9.4.0 rc1
Isc Bind	Version 9.4.0 rc2
Isc Bind	Version 9.4.1
Isc Bind	Version 9.4.2
Isc Bind	Version 9.4.2 rc1
Isc Bind	Version 9.4.2 rc2
Isc Bind	Version 9.4.3
Isc Bind	Version 9.4.3 b1
Isc Bind	Version 9.4.3 b2
Isc Bind	Version 9.4.3 b3
Isc Bind	Version 9.4.3 p2
Isc Bind	Version 9.4
Isc Bind	Version 9.5.0
Isc Bind	Version 9.5.0 a1
Isc Bind	Version 9.5.0 a2
Isc Bind	Version 9.5.0 a3
Isc Bind	Version 9.5.0 a4
Isc Bind	Version 9.5.0 a5
Isc Bind	Version 9.5.0 a6
Isc Bind	Version 9.5.0 a7
Isc Bind	Version 9.5.0 b1
Isc Bind	Version 9.5.0 b2
Isc Bind	Version 9.5.0 b3
Isc Bind	Version 9.5.0 p1
Isc Bind	Version 9.5.0 p2
Isc Bind	Version 9.5.0 p2_w1
Isc Bind	Version 9.5.0 p2_w2
Isc Bind	Version 9.5
Isc Bind	Version 9.6.0
Isc Bind	Version 9.6.0 a1
Isc Bind	Version 9.6.0 b1
Isc Bind	Version 9.6.0 p1
Isc Bind	Version 9.6.0 rc1
Isc Bind	Version 9.6.0 rc2
Isc Bind	Version 9.6.1
Isc Bind	Version 9.6.1 b1
Isc Bind	Version 9.6
Isc Bind	Version 9.6 r1
Isc Bind	Version 9.6 r2
Isc Bind	Version 9.6 r3
Isc Bind	Version 9.6 r4
Isc Bind	Version 9.6 r4_p1
Isc Bind	Version 9.6 r5
Isc Bind	Version 9.6 r5_b1
Isc Bind	Version 9.6 r5_p1
Isc Bind	Version 9.6 r6
Isc Bind	Version 9.6 r6_b1
Isc Bind	Version 9.6 r6_rc1
Isc Bind	Version 9.6 r6_rc2
Isc Bind	Version 9.6 r7
Isc Bind	Version 9.6 r7_p1
Isc Bind	Version 9.6 r7_p2
Isc Bind	Version 9.6 r9
Isc Bind	Version 9.6 r9_p1

Related CWEs

CWE-16

References (74)

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc (unsafe URL)

Source: cret@cert.org

ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt (unsafe URL)

Source: cret@cert.org

http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc

Source: cret@cert.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975

Source: cret@cert.org

http://secunia.com/advisories/36035

Source: cret@cert.org

http://secunia.com/advisories/36038

Source: cret@cert.org

http://secunia.com/advisories/36050

Source: cret@cert.org

http://secunia.com/advisories/36053

Source: cret@cert.org

http://secunia.com/advisories/36056

Source: cret@cert.org

http://secunia.com/advisories/36063

Source: cret@cert.org

http://secunia.com/advisories/36086

Source: cret@cert.org

http://secunia.com/advisories/36098

Source: cret@cert.org

http://secunia.com/advisories/36192

Source: cret@cert.org

http://secunia.com/advisories/37471

Source: cret@cert.org

http://secunia.com/advisories/39334

Source: cret@cert.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1

Source: cret@cert.org

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1

Source: cret@cert.org

http://up2date.astaro.com/2009/08/up2date_7505_released.html

Source: cret@cert.org

http://wiki.rpath.com/Advisories:rPSA-2009-0113

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/725188

Source: cret@cert.org

US Government Resource

http://www.openbsd.org/errata44.html#014_bind

Source: cret@cert.org

http://www.securityfocus.com/archive/1/505403/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Source: cret@cert.org

http://www.securitytracker.com/id?1022613

Source: cret@cert.org

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499

Source: cret@cert.org

http://www.ubuntu.com/usn/usn-808-1

Source: cret@cert.org

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: cret@cert.org

http://www.vupen.com/english/advisories/2009/2036

Source: cret@cert.org

http://www.vupen.com/english/advisories/2009/2088

Source: cret@cert.org

http://www.vupen.com/english/advisories/2009/2171

Source: cret@cert.org

http://www.vupen.com/english/advisories/2009/2247

Source: cret@cert.org

http://www.vupen.com/english/advisories/2009/3316

Source: cret@cert.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414

Source: cret@cert.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245

Source: cret@cert.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806

Source: cret@cert.org

https://www.isc.org/node/474

Source: cret@cert.org

PatchVendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html

Source: cret@cert.org

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc (unsafe URL)