FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0696

This CVE name corresponds to:

Entered Topic
2009-08-01 BIND -- Dynamic update message remote DoS

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-0696
Phase Assigned(20090222)

Description

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

References

Source Reference
BUGTRAQ 20090729 rPSA-2009-0113-1 bind bind-utils
BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
CONFIRM https://www.isc.org/node/474
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0113
CONFIRM http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
CONFIRM http://up2date.astaro.com/2009/08/up2date_7505_released.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
CONFIRM ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
FEDORA FEDORA-2009-8119
NETBSD NetBSD-SA2009-013
OPENBSD [4.4] 014: RELIABILITY FIX: July 29, 2009
SLACKWARE SSA:2009-210-01
SUNALERT 264828
SUNALERT 1020788
UBUNTU USN-808-1
CERT-VN VU#725188
OVAL oval:org.mitre.oval:def:10414
OVAL oval:org.mitre.oval:def:7806
OVAL oval:org.mitre.oval:def:12245
SECTRACK 1022613
SECUNIA 36053
SECUNIA 36038
SECUNIA 36050
SECUNIA 36056
SECUNIA 36063
SECUNIA 36086
SECUNIA 36098
SECUNIA 36192
SECUNIA 36035
SECUNIA 37471
SECUNIA 39334
VUPEN ADV-2009-2036
VUPEN ADV-2009-2088
VUPEN ADV-2009-2171
VUPEN ADV-2009-2247
VUPEN ADV-2009-3316