CVE-2007-0494 - Data Processing Errors vulnerability in ISC Bind

CVSS: 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, isc, CWE-19, nessus

Summary

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. Successful exploitation requires that the victim has enabled DNSSEC validation in named.conf by specifying trusted-keys.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0044.NASL
    description: Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) For users of Red Hat Enterprise Linux 3, the previous BIND update caused an incompatible change to the default configuration that resulted in rndc not sharing the key with the named daemon. This update corrects this bug and restores the behavior prior to that update. Updating the bind package in Red Hat Enterprise Linux 3 could result in nonfunctional configuration in case the bind-libs package was not updated. This update corrects this bug by adding the correct dependency on bind-libs. Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24289
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24289
    title: CentOS 3 / 4 : bind (CESA-2007:0044)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2007-026-01.NASL
    description: New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix denial of service security issues. Versions of bind-9.2.x older than bind-9.2.8, and versions of bind-9.3.x older than 9.3.4 can be made to crash with malformed local or remote data.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24667
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24667
    title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-026-01)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1254.NASL
    description: It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24293
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24293
    title: Debian DSA-1254-1 : bind9 - insufficient input sanitising
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2007-0006.NASL
    description: Problems addressed by these patches : I Arbitrary code execution and denial of service vulnerabilities This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. (CVE-2007-4496) This release fixes a denial of service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or exit unexpectedly. (CVE-2007-4497) Thanks to Rafal Wojtczvk of McAfee for identifying and reporting these issues. II Hosted products DHCP security vulnerabilities addressed This release fixes several vulnerabilities in the DHCP server that could enable a specially crafted packets to gain system-level privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities. III Windows based hosted product vulnerability in IntraProcessLogging.dll and vielib.dll. This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system. (CVE-2007-4059) This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system. (CVE-2007-4155) Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities. IV Escalation of privileges on Windows hosted systems This release fixes a security vulnerability in which Workstation was starting registered Windows services in an insecure manner. This vulnerability could allow a malicious user to escalate user privileges. Thanks to Foundstone for discovering this vulnerability. V Potential denial of service using VMware Player This release fixes a problem that prevented VMware Player from launching. 
This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. VI ESX Service Console updates a. Service console package Samba, has been updated to address the following issues : Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446) Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated, user could have triggered this flaw and executed arbitrary code on the server. Additionally, this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default username map script option. (CVE-2007-2447) Thanks to the Samba developers, TippingPoint, and iDefense for identifying and reporting these issues. Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 b. Updated bind package for the service console fixes a flaw with the way ISC BIND processed certain DNS query responses. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Under some circumstances, a malicious remote user could launch a Denial-of-Service attack on ESX Server hosts that had enabled DNSSEC validation. (CVE-2007-0494) Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 c. This patch provides updated service console package krb5 update. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798 to these security issues. Thanks to Wei Wang of McAfee Avert Labs discovered these vulnerabilities. Note: The VMware service console does not provide the kadmind binary, and is not affected by these issues, but a update has been provided for completeness. d. Service console update for vixie-cron This patch provides an updated service console package vixie-cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A denial of service issue was found in the way vixie-cron verified crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could potentially prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) Thanks to Raphael Marichez for identifying this issue. e. Service console update for shadow-utils This patch provides an updated shadow-utils package. A new user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40370
    published: 2009-07-27
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40370
    title: VMSA-2007-0006 : Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0057.NASL
    description: Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service. (CVE-2007-0493) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25313
    published: 2007-05-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25313
    title: RHEL 5 : bind (RHSA-2007:0057)
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_35920.NASL
    description: s700_800 11.23 Bind 9.2.0 components : Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). References: CVE-2006-4339, CVE-2007-0493 (BIND v9.3.2 only), CVE-2007-0494.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26138
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26138
    title: HP-UX PHNE_35920 : HP-UX Running BIND, Remote Denial of Service (DoS) (HPSBUX02219 SSRT061273 rev.1)
  • NASL family: DNS
    NASL id: BIND9_DOS4.NASL
    description: The version of BIND installed on the remote host suggests that it suffers from a denial of service vulnerability that could be triggered by sending a large volume of recursive queries that return multiple RRsets in the answer section, triggering assertion checks. To be vulnerable you need to have enabled DNSSEC validation in named.conf by specifying trusted-keys. Note that Nessus obtained the version by sending a special DNS request for the text
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17840
    published: 2012-01-19
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/17840
    title: ISC BIND Crafted ANY Request Response Multiple RRsets DoS
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0044.NASL
    description: From Red Hat Security Advisory 2007:0044 : Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) For users of Red Hat Enterprise Linux 3, the previous BIND update caused an incompatible change to the default configuration that resulted in rndc not sharing the key with the named daemon. This update corrects this bug and restores the behavior prior to that update. Updating the bind package in Red Hat Enterprise Linux 3 could result in nonfunctional configuration in case the bind-libs package was not updated. This update corrects this bug by adding the correct dependency on bind-libs. Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67444
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67444
    title: Oracle Linux 3 / 4 : bind (ELSA-2007-0044)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_3CB6F059C69D11DB9F82000E0C2E438A.NASL
    description: A type * (ANY) query response containing multiple RRsets can trigger an assertion failure. Certain recursive queries can cause the nameserver to crash by using memory which has already been freed. Impact : A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service. A remote attacker sending recursive queries can cause the nameserver to crash, resulting in a Denial of Service. Workaround : There is no workaround available, but systems which are not authoritative servers for DNSSEC signed zones are not affected by the first issue; and systems which do not permit untrusted users to perform recursive DNS resolution are not affected by the second issue. Note that the default configuration for named(8) in FreeBSD allows local access only (which on many systems is equivalent to refusing access to untrusted users).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24730
    published: 2007-02-28
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24730
    title: FreeBSD : bind -- Multiple Denial of Service vulnerabilities (3cb6f059-c69d-11db-9f82-000e0c2e438a)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0057.NASL
    description: From Red Hat Security Advisory 2007:0057 : Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service. (CVE-2007-0493) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67445
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67445
    title: Oracle Linux 5 : bind (ELSA-2007-0057)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U800591.NASL
    description: The remote host is missing AIX PTF U800591, which is related to the security of the package bos.net.tcp.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 65266
    published: 2013-03-13
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/65266
    title: AIX 5.3 TL 6 : bos.net.tcp.client (U800591)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-147.NASL
    description: Updated to version 9.3.4 which contains two security bugfixes - Serialise validation of type ANY responses. [RT #16555] - It was possible to dereference a freed fetch context. [RT #16584] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24299
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24299
    title: Fedora Core 6 : bind-9.3.4-1.fc6 (2007-147)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U803849.NASL
    description: The remote host is missing AIX PTF U803849, which is related to the security of the package bos.net.tcp.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 65277
    published: 2013-03-13
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/65277
    title: AIX 5.2 TL 10 : bos.net.tcp.client (U803849)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2007_014.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2007:014 (bind). Two security problems were fixed in the ISC BIND nameserver version 9.3.4, which are addressed by this advisory: CVE-2007-0493: If recursion is enabled, a remote attacker can dereference a freed fetch context causing the daemon to abort / crash. CVE-2007-0494: By sending specific DNS query responses with multiple RRSETS attackers could cause BIND to exit abnormally. Updates for SUSE Linux Enterprise Server were released on Friday 26th of January, updates for SUSE Linux and openSUSE were released on Monday 29th of January.
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24411
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24411
    title: SUSE-SA:2007:014: bind
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-164.NASL
    description: Fixed two security bugs - DNSSEC denial of service - BIND might crash after attempting to read free()-ed memory and some common bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24300
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24300
    title: Fedora Core 5 : bind-9.3.4-1.fc5 (2007-164)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-418-1.NASL
    description: A flaw was discovered in Bind
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28010
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28010
    title: Ubuntu 5.10 / 6.06 LTS / 6.10 : bind9 vulnerabilities (USN-418-1)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U804534.NASL
    description: The remote host is missing AIX PTF U804534, which is related to the security of the package bos.net.tcp.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 65283
    published: 2013-03-13
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/65283
    title: AIX 5.3 TL 7 : bos.net.tcp.client (U804534)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2007-005.NASL
    description: The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25297
    published: 2007-05-25
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25297
    title: Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-030.NASL
    description: Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24643
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24643
    title: Mandrake Linux Security Advisory : bind (MDKSA-2007:030)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0044.NASL
    description: Updated bind packages that fix a security issue and a bug are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494) For users of Red Hat Enterprise Linux 3, the previous BIND update caused an incompatible change to the default configuration that resulted in rndc not sharing the key with the named daemon. This update corrects this bug and restores the behavior prior to that update. Updating the bind package in Red Hat Enterprise Linux 3 could result in nonfunctional configuration in case the bind-libs package was not updated. This update corrects this bug by adding the correct dependency on bind-libs. Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24318
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24318
    title: RHEL 2.1 / 3 / 4 : bind (RHSA-2007:0044)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200702-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200702-06 (BIND: Denial of Service) An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to type ANY queries with multiple RRsets. Impact : A remote attacker could crash the server through unspecified vectors or, if DNSSEC validation is enabled, by sending certain crafted ANY queries. Workaround : There is no known workaround at this time for the first issue. The DNSSEC validation Denial of Service can be prevented by disabling DNSSEC validation until the upgrade to a fixed version. Note that DNSSEC validation is disabled on a default configuration.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24367
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24367
    title: GLSA-200702-06 : BIND: Denial of Service

Oval

accepted: 2013-04-29T04:14:34.492-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
family: unix
id: oval:org.mitre.oval:def:11523
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
version: 27

Redhat

advisories
  • bugzilla
      id: 225222
      title: CVE-2007-0494 BIND dnssec denial of service
    oval
      OR
      • comment: Red Hat Enterprise Linux must be installed
        oval: oval:com.redhat.rhba:tst:20070304026
      • AND
        • comment: Red Hat Enterprise Linux 4 is installed
          oval: oval:com.redhat.rhba:tst:20070304025
        • OR
          • AND
            • comment: bind is earlier than 20:9.2.4-24.EL4
              oval: oval:com.redhat.rhsa:tst:20070044001
            • comment: bind is signed with Red Hat master key
              oval: oval:com.redhat.rhsa:tst:20070044002
          • AND
            • comment: bind-devel is earlier than 20:9.2.4-24.EL4
              oval: oval:com.redhat.rhsa:tst:20070044003
            • comment: bind-devel is signed with Red Hat master key
              oval: oval:com.redhat.rhsa:tst:20070044004
          • AND
            • comment: bind-libs is earlier than 20:9.2.4-24.EL4
              oval: oval:com.redhat.rhsa:tst:20070044005
            • comment: bind-libs is signed with Red Hat master key
              oval: oval:com.redhat.rhsa:tst:20070044006
          • AND
            • comment: bind-chroot is earlier than 20:9.2.4-24.EL4
              oval: oval:com.redhat.rhsa:tst:20070044007
            • comment: bind-chroot is signed with Red Hat master key
              oval: oval:com.redhat.rhsa:tst:20070044008
          • AND
            • comment: bind-utils is earlier than 20:9.2.4-24.EL4
              oval: oval:com.redhat.rhsa:tst:20070044009
            • comment: bind-utils is signed with Red Hat master key
              oval: oval:com.redhat.rhsa:tst:20070044010
    rhsa
      id: RHSA-2007:0044
      released: 2007-02-06
      severity: Moderate
      title: RHSA-2007:0044: bind security update (Moderate)
  • bugzilla
      id: 225229
      title: CVE-2007-0494 BIND dnssec denial of service
    oval
      OR
      • comment: Red Hat Enterprise Linux must be installed
        oval: oval:com.redhat.rhba:tst:20070304026
      • AND
        • comment: Red Hat Enterprise Linux 5 is installed
          oval: oval:com.redhat.rhba:tst:20070331005
        • OR
          • AND
            • comment: bind-libs is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057001
            • comment: bind-libs is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057002
          • AND
            • comment: caching-nameserver is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057003
            • comment: caching-nameserver is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057004
          • AND
            • comment: bind-libbind-devel is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057005
            • comment: bind-libbind-devel is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057006
          • AND
            • comment: bind-chroot is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057007
            • comment: bind-chroot is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057008
          • AND
            • comment: bind-sdb is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057009
            • comment: bind-sdb is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057010
          • AND
            • comment: bind-devel is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057011
            • comment: bind-devel is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057012
          • AND
            • comment: bind-utils is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057013
            • comment: bind-utils is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057014
          • AND
            • comment: bind is earlier than 30:9.3.3-8.el5
              oval: oval:com.redhat.rhsa:tst:20070057015
            • comment: bind is signed with Red Hat redhatrelease key
              oval: oval:com.redhat.rhsa:tst:20070057016
    rhsa
      id: RHSA-2007:0057
      released: 2007-03-14
      severity: Moderate
      title: RHSA-2007:0057: bind security update (Moderate)
rpms
  • bind-0:9.2.1-8.EL2
  • bind-20:9.2.4-20.EL3
  • bind-20:9.2.4-24.EL4
  • bind-chroot-20:9.2.4-20.EL3
  • bind-chroot-20:9.2.4-24.EL4
  • bind-debuginfo-20:9.2.4-20.EL3
  • bind-debuginfo-20:9.2.4-24.EL4
  • bind-devel-0:9.2.1-8.EL2
  • bind-devel-20:9.2.4-20.EL3
  • bind-devel-20:9.2.4-24.EL4
  • bind-libs-20:9.2.4-20.EL3
  • bind-libs-20:9.2.4-24.EL4
  • bind-utils-0:9.2.1-8.EL2
  • bind-utils-20:9.2.4-20.EL3
  • bind-utils-20:9.2.4-24.EL4
  • bind-30:9.3.3-8.el5
  • bind-chroot-30:9.3.3-8.el5
  • bind-debuginfo-30:9.3.3-8.el5
  • bind-devel-30:9.3.3-8.el5
  • bind-libbind-devel-30:9.3.3-8.el5
  • bind-libs-30:9.3.3-8.el5
  • bind-sdb-30:9.3.3-8.el5
  • bind-utils-30:9.3.3-8.el5
  • caching-nameserver-30:9.3.3-8.el5

Seebug

bulletinFamily: exploit
description: Apple Mac OS X is a commercial operating system based on BSD. Apple Mac OS X has multiple security issues; remote attackers can exploit them to cause denial of service, execute arbitrary code, escalate privileges, and carry out other attacks.

CVE-ID: CVE-2007-0740
Under certain conditions, Alias Manager can cause a user to open a malicious file, leading to privilege escalation.

CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096
The BIND server has multiple security issues that can lead to denial of service.

CVE-ID: CVE-2007-0750
CoreGraphics can trigger an overflow when opening a specially crafted PDF file, leading to arbitrary code execution.

CVE-ID: CVE-2007-0751
When the daily cleanup script runs, file systems mounted in the /tmp directory can be deleted.

CVE-ID: CVE-2007-1558
fetchmail's encryption has a security issue that can disclose password information.

CVE-ID: CVE-2007-1536
Running the file command on a specially crafted file can lead to arbitrary code execution or denial of service.

CVE-ID: CVE-2007-2390
The UPnP IGD code that iChat uses to create port mappings on home NAT gateways has a buffer overflow; a crafted malicious packet can lead to arbitrary code execution.

CVE-ID: CVE-2007-0752
The PPP daemon can allow privilege escalation when loading plugins via the command line.

CVE-ID: CVE-2006-5467, CVE-2006-6303
The Ruby CGI library has multiple denial-of-service issues.

CVE-ID: CVE-2006-4573
GNU Screen has multiple denial-of-service issues.

CVE-ID: CVE-2005-3011
texinfo has a vulnerability that allows arbitrary files to be overwritten.

CVE-ID: CVE-2007-0753
vpnd has a format string issue that can be used to escalate privileges.

Cosmicperl Directory Pro 10.0.3, Apple Mac OS X Server 10.4.9, Apple Mac OS X Server 10.4.8, Apple Mac OS X Server 10.4.7, Apple Mac OS X Server 10.4.6, Apple Mac OS X Server 10.4.5, Apple Mac OS X Server 10.4.4, Apple Mac OS X Server 10.4.3, Apple Mac OS X Server 10.4.2, Apple Mac OS X Server 10.4.1, Apple Mac OS X Server 10.4, Apple Mac OS X Server 10.3.9, Apple Mac OS X Server 10.3.8, Apple Mac OS X Server 10.3.7, Apple Mac OS X Server 10.3.6, Apple Mac OS X Server 10.3.5, Apple Mac OS X Server 10.3.4, Apple Mac OS X Server 10.3.3, Apple Mac OS X Server 10.3.2, Apple Mac OS X Server 10.3.1, Apple Mac OS X Server 10.3, Apple Mac OS X Server 10.2.8, Apple Mac OS X Server 10.2.7, Apple Mac OS X Server 10.2.6, Apple Mac OS X Server 10.2.5, Apple Mac OS X Server 10.2.4, Apple Mac OS X Server 10.2.3, Apple Mac OS X Server 10.2.2, Apple Mac OS X Server 10.2.1, Apple Mac OS X Server 10.2, Apple Mac OS X Server 10.1.5, Apple Mac OS X Server 10.1.4, Apple Mac OS X Server 10.1.3, Apple Mac OS X Server 10.1.2, Apple Mac OS X Server 10.1.1, Apple Mac OS X Server 10.1, Apple Mac OS X Server 10.0, Apple Mac OS X Preview.app 3.0.8, Apple Mac OS X 10.4.9, Apple Mac OS X 10.4.8, Apple Mac OS X 10.4.7, Apple Mac OS X 10.4.6, Apple Mac OS X 10.4.5, Apple Mac OS X 10.4.4, Apple Mac OS X 10.4.3, Apple Mac OS X 10.4.2, Apple Mac OS X 10.4.1, Apple Mac OS X 10.4, Apple Mac OS X 10.3.9, Apple Mac OS X 10.3.8, Apple Mac OS X 10.3.7, Apple Mac OS X 10.3.6, Apple Mac OS X 10.3.5, Apple Mac OS X 10.3.4, Apple Mac OS X 10.3.3, Apple Mac OS X 10.3.2, Apple Mac OS X 10.3.1, Apple Mac OS X 10.3, Apple Mac OS X 10.2.8, Apple Mac OS X 10.2.7, Apple Mac OS X 10.2.6, Apple Mac OS X 10.2.5, Apple Mac OS X 10.2.4, Apple Mac OS X 10.2.3, Apple Mac OS X 10.2.2, Apple Mac OS X 10.2.1, Apple Mac OS X 10.2, Apple Mac OS X 10.1.5, Apple Mac OS X 10.1.4, Apple Mac OS X 10.1.3, Apple Mac OS X 10.1.2, Apple Mac OS X 10.1.1, Apple Mac OS X 10.1, Apple Mac OS X 10.1, Apple Mac OS X 10.0.4, Apple Mac OS X 10.0.3, Apple Mac OS X 10.0.2, Apple Mac OS X 10.0.1, Apple Mac OS X 10.0 3, Apple Mac OS X 10.0

Updates:

Apple Mac OS X Server 10.3.9
* Apple SecUpdSrvr2007-005Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&cat=1&platform=osx&method=sa/SecUpdSrvr2007-005Pan.dmg

Apple Mac OS X 10.3.9
* Apple SecUpd2007-005Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&cat=1&platform=osx&method=sa/SecUpd2007-005Pan.dmg

Apple Mac OS X Server 10.4.9
* Apple SecUpd2007-005Ti.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=1&platform=osx&method=sa/SecUpd2007-005Ti.dmg
* Apple SecUpd2007-005Univ.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=1&platform=osx&method=sa/SecUpd2007-005Univ.dmg

Apple Mac OS X 10.4.9
* Apple SecUpd2007-005Ti.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=1&platform=osx&method=sa/SecUpd2007-005Ti.dmg
* Apple SecUpd2007-005Univ.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=1&platform=osx&method=sa/SecUpd2007-005Univ.dmg

id: SSV:1795
last seen: 2017-11-19
modified: 2007-05-25
published: 2007-05-25
reporter: Root
title: Apple Mac OS X 2007-005 Multiple Security Vulnerabilities

References