Executive Summary
Summary | |
---|---|
Title | bind security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1179 | First vendor Publication | 2009-07-29 |
Vendor | RedHat | Last vendor Modification | 2009-07-29 |
Severity (Vendor) | Important | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated bind packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 29th July 2009] The packages in this erratum have been updated to also correct this issue in the bind-sdb package. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the "ANY" record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. (CVE-2009-0696) Note: even if named is not configured for dynamic updates, receiving such a specially-crafted dynamic update packet could still cause named to exit unexpectedly. All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 514292 - CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1179.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10414 | |||
Oval ID: | oval:org.mitre.oval:def:10414 | ||
Title: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0696 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12245 | |||
Oval ID: | oval:org.mitre.oval:def:12245 | ||
Title: | HP-UX Running BIND, Remote Denial of Service (DoS) | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0696 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13755 | |||
Oval ID: | oval:org.mitre.oval:def:13755 | ||
Title: | DSA-1847-1 bind9 -- improper assert | ||
Description: | It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed. For the old stable distribution, this problem has been fixed in version 9.3.4-2etch5. For the stable distribution, this problem has been fixed in version 9.5.1.dfsg.P3-1. For the unstable distribution, this problem has been fixed in version 1:9.6.1.dfsg.P1-1. We recommend that you upgrade your bind9 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1847-1 CVE-2009-0696 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | bind9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22864 | |||
Oval ID: | oval:org.mitre.oval:def:22864 | ||
Title: | ELSA-2009:1179: bind security update (Important) | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1179-02 CVE-2009-0696 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | bind |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7806 | |||
Oval ID: | oval:org.mitre.oval:def:7806 | ||
Title: | VMware BIND vulnerability | ||
Description: | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0696 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for bind CESA-2009:1181 centos3 i386 File : nvt/gb_CESA-2009_1181_bind_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:1180 centos4 i386 File : nvt/gb_CESA-2009_1180_bind_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for bind CESA-2009:1179 centos5 i386 File : nvt/gb_CESA-2009_1179_bind_centos5_i386.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-004 File : nvt/macosx_secupd_2009-004.nasl |
2010-03-02 | Name : Fedora Update for bind FEDORA-2010-0861 File : nvt/gb_fedora_2010_0861_bind_fc11.nasl |
2009-12-03 | Name : Fedora Core 11 FEDORA-2009-12218 (bind) File : nvt/fcore_2009_12218.nasl |
2009-10-13 | Name : SLES10: Security update for bind File : nvt/sles10_bind1.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20 File : nvt/gb_solaris_112837_20.nasl |
2009-10-13 | Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19 File : nvt/gb_solaris_114265_19.nasl |
2009-10-13 | Name : Solaris Update for bind 119783-13 File : nvt/gb_solaris_119783_13.nasl |
2009-10-13 | Name : Solaris Update for bind 119784-13 File : nvt/gb_solaris_119784_13.nasl |
2009-10-11 | Name : SLES11: Security update for bind File : nvt/sles11_bind.nasl |
2009-10-10 | Name : SLES9: Security update for bind File : nvt/sles9p5054699.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1181 (bind) File : nvt/ovcesa2009_1181.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1180 (bind) File : nvt/ovcesa2009_1180.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1179 (bind) File : nvt/ovcesa2009_1179.nasl |
2009-08-17 | Name : SuSE Security Advisory SUSE-SA:2009:040 (bind) File : nvt/suse_sa_2009_040.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1179 File : nvt/RHSA_2009_1179.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:181 (bind) File : nvt/mdksa_2009_181.nasl |
2009-08-17 | Name : Ubuntu USN-808-1 (bind9) File : nvt/ubuntu_808_1.nasl |
2009-08-17 | Name : Gentoo Security Advisory GLSA 200908-02 (bind) File : nvt/glsa_200908_02.nasl |
2009-08-17 | Name : FreeBSD Ports: bind9 File : nvt/freebsd_bind91.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8119 (bind) File : nvt/fcore_2009_8119.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1847-1 (bind9) File : nvt/deb_1847_1.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1181 File : nvt/RHSA_2009_1181.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1180 File : nvt/RHSA_2009_1180.nasl |
2009-08-14 | Name : HP-UX Update for BIND HPSBUX02451 File : nvt/gb_hp_ux_HPSBUX02451.nasl |
2009-07-29 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:12.bind.asc) File : nvt/freebsdsa_bind7.nasl |
2009-07-29 | Name : ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability File : nvt/bind_cve_2009_0696.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-210-01 bind File : nvt/esoft_slk_ssa_2009_210_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56584 | ISC BIND Dynamic Update Message Handling Remote DoS BIND contains a flaw that may allow a remote denial of service. The issue is triggered when when a server receives a dynamic update message containing a record type of "ANY" and where at least one RRset for this FQDN exists on the server, and will result in loss of availability for the platform. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | ISC BIND dynamic update message denial of service attempt RuleID : 15734 - Revision : 6 - Type : PROTOCOL-DNS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-04-21 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL10366.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1181.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1180.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1179.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56317.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56311.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56312.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56313.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56314.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56315.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56316.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ56318.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090730_bind_security_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090730_bind_for_SL_5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090730_bind_for_SL_3_0_x.nasl - Type : ACT_GATHER_INFO |
2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-210-01.nasl - Type : ACT_GATHER_INFO |
2010-06-07 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1847.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1179.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_bind-6383.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_bind-6382.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_bind-090729.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12462.nasl - Type : ACT_GATHER_INFO |
2009-08-13 | Name : The remote host is missing a Mac OS X update that fixes a denial of service i... File : macosx_SecUpd2009-004.nasl - Type : ACT_GATHER_INFO |
2009-08-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200908-02.nasl - Type : ACT_GATHER_INFO |
2009-08-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_83725c917c7e11de967200e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote name server may be affected by a denial of service vulnerability. File : bind9_dyn_update_DoS.nasl - Type : ACT_DENIAL |
2009-07-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1180.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_bind-090729.nasl - Type : ACT_GATHER_INFO |
2009-07-31 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_bind-090729.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1181.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8119.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1181.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1180.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1179.nasl - Type : ACT_GATHER_INFO |
2009-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-181.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-808-1.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote name server may be affected by a denial of service vulnerability. File : bind9_dos3.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 114265-23 File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote host is missing Sun Security Patch number 112837-24 File : solaris9_112837.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote host is missing Sun Security Patch number 119784-40 File : solaris10_x86_119784.nasl - Type : ACT_GATHER_INFO |
2007-06-18 | Name : The remote host is missing Sun Security Patch number 119783-40 File : solaris10_119783.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109327-24 File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109326-24 File : solaris8_109326.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:42 |
|