CVE-2007-0494

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

Link	Resource
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8	Patch
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4	Patch
http://secunia.com/advisories/23904	Patch Vendor Advisory
http://www.isc.org/index.pl?/sw/bind/bind-security.php
https://issues.rpath.com/browse/RPL-989
http://www.debian.org/security/2007/dsa-1254
http://fedoranews.org/cms/node/2507
http://fedoranews.org/cms/node/2537
http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
http://security.gentoo.org/glsa/glsa-200702-06.xml
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
http://www.redhat.com/support/errata/RHSA-2007-0044.html
http://www.redhat.com/support/errata/RHSA-2007-0057.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
http://www.trustix.org/errata/2007/0005
http://www.ubuntu.com/usn/usn-418-1
http://www.securityfocus.com/bid/22231
http://securitytracker.com/id?1017573
http://secunia.com/advisories/23972	Vendor Advisory
http://secunia.com/advisories/23924	Vendor Advisory
http://secunia.com/advisories/23944	Vendor Advisory
http://secunia.com/advisories/23943	Vendor Advisory
http://secunia.com/advisories/23974	Vendor Advisory
http://secunia.com/advisories/23977	Vendor Advisory
http://secunia.com/advisories/24054	Vendor Advisory
http://secunia.com/advisories/24014	Vendor Advisory
http://secunia.com/advisories/24083	Vendor Advisory
http://secunia.com/advisories/24048	Vendor Advisory
http://secunia.com/advisories/24129	Vendor Advisory
http://secunia.com/advisories/24203	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm
http://secunia.com/advisories/24648	Vendor Advisory
http://secunia.com/advisories/24950	Vendor Advisory
http://secunia.com/advisories/24930	Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://docs.info.apple.com/article.html?artnum=305530
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:030
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
http://secunia.com/advisories/25402	Vendor Advisory
http://secunia.com/advisories/25649
http://secunia.com/advisories/25715
http://secunia.com/advisories/24284
http://secunia.com/advisories/25482
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/2163
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/3229
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/2245
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
http://www.vupen.com/english/advisories/2007/2002
http://marc.info/?l=bind-announce&m=116968519300764&w=2
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://exchange.xforce.ibmcloud.com/vulnerabilities/31838
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523

Configuration 1

cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.1:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.2:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:rc4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:b2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:b3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:b4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.0:rc3:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.3.1:b2:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:* cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*

---

Published : 2007-01-25 08:28

Updated : 2017-10-11 01:31

---

NVD link : CVE-2007-0494

Mitre link : CVE-2007-0494

No products.

CWE-19