Executive Summary

Summary
Titlebind security update
Informations
NameRHSA-2009:1179First vendor Publication2009-07-29
VendorRedHatLast vendor Modification2009-07-29
Severity (Vendor) ImportantRevision02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated bind packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

[Updated 29th July 2009]
The packages in this erratum have been updated to also correct this issue
in the bind-sdb package.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

514292 - CVE-2009-0696 bind: DoS (assertion failure) via nsupdate packets

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1179.html

CWE : Common Weakness Enumeration

idName
CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7806
 
Oval ID: oval:org.mitre.oval:def:7806
Title: VMware BIND vulnerability
Description: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0696
Version: 4
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12245
 
Oval ID: oval:org.mitre.oval:def:12245
Title: HP-UX Running BIND, Remote Denial of Service (DoS)
Description: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0696
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10414
 
Oval ID: oval:org.mitre.oval:def:10414
Title: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
Description: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0696
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22864
 
Oval ID: oval:org.mitre.oval:def:22864
Title: ELSA-2009:1179: bind security update (Important)
Description: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
Family: unix Class: patch
Reference(s): ELSA-2009:1179-02
CVE-2009-0696
Version: 3
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application54

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for bind CESA-2009:1179 centos5 i386
File : nvt/gb_CESA-2009_1179_bind_centos5_i386.nasl
2011-08-09Name : CentOS Update for bind CESA-2009:1180 centos4 i386
File : nvt/gb_CESA-2009_1180_bind_centos4_i386.nasl
2011-08-09Name : CentOS Update for bind CESA-2009:1181 centos3 i386
File : nvt/gb_CESA-2009_1181_bind_centos3_i386.nasl
2010-05-12Name : Mac OS X Security Update 2009-004
File : nvt/macosx_secupd_2009-004.nasl
2010-03-02Name : Fedora Update for bind FEDORA-2010-0861
File : nvt/gb_fedora_2010_0861_bind_fc11.nasl
2009-12-03Name : Fedora Core 11 FEDORA-2009-12218 (bind)
File : nvt/fcore_2009_12218.nasl
2009-10-13Name : SLES10: Security update for bind
File : nvt/sles10_bind1.nasl
2009-10-13Name : Solaris Update for in.dhcpd libresolv and BIND9 112837-20
File : nvt/gb_solaris_112837_20.nasl
2009-10-13Name : Solaris Update for bind 119783-13
File : nvt/gb_solaris_119783_13.nasl
2009-10-13Name : Solaris Update for bind 119784-13
File : nvt/gb_solaris_119784_13.nasl
2009-10-13Name : Solaris Update for in.dhcpd libresolv and BIND9 114265-19
File : nvt/gb_solaris_114265_19.nasl
2009-10-11Name : SLES11: Security update for bind
File : nvt/sles11_bind.nasl
2009-10-10Name : SLES9: Security update for bind
File : nvt/sles9p5054699.nasl
2009-08-17Name : Fedora Core 11 FEDORA-2009-8119 (bind)
File : nvt/fcore_2009_8119.nasl
2009-08-17Name : FreeBSD Ports: bind9
File : nvt/freebsd_bind91.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1179
File : nvt/RHSA_2009_1179.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1180
File : nvt/RHSA_2009_1180.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1181
File : nvt/RHSA_2009_1181.nasl
2009-08-17Name : Debian Security Advisory DSA 1847-1 (bind9)
File : nvt/deb_1847_1.nasl
2009-08-17Name : Gentoo Security Advisory GLSA 200908-02 (bind)
File : nvt/glsa_200908_02.nasl
2009-08-17Name : Ubuntu USN-808-1 (bind9)
File : nvt/ubuntu_808_1.nasl
2009-08-17Name : Mandrake Security Advisory MDVSA-2009:181 (bind)
File : nvt/mdksa_2009_181.nasl
2009-08-17Name : SuSE Security Advisory SUSE-SA:2009:040 (bind)
File : nvt/suse_sa_2009_040.nasl
2009-08-17Name : CentOS Security Advisory CESA-2009:1179 (bind)
File : nvt/ovcesa2009_1179.nasl
2009-08-17Name : CentOS Security Advisory CESA-2009:1180 (bind)
File : nvt/ovcesa2009_1180.nasl
2009-08-17Name : CentOS Security Advisory CESA-2009:1181 (bind)
File : nvt/ovcesa2009_1181.nasl
2009-08-14Name : HP-UX Update for BIND HPSBUX02451
File : nvt/gb_hp_ux_HPSBUX02451.nasl
2009-07-29Name : FreeBSD Security Advisory (FreeBSD-SA-09:12.bind.asc)
File : nvt/freebsdsa_bind7.nasl
2009-07-29Name : ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
File : nvt/bind_cve_2009_0696.nasl
0000-00-00Name : Slackware Advisory SSA:2009-210-01 bind
File : nvt/esoft_slk_ssa_2009_210_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
56584ISC BIND Dynamic Update Message Handling Remote DoS

Snort® IPS/IDS

DateDescription
2014-01-10BIND named 9 dynamic update message remote dos attempt
RuleID : 15734 - Revision : 4 - Type : BAD-TRAFFIC

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1179.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1180.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1181.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56311.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56312.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56313.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56314.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56315.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56316.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56317.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote AIX host is missing a security patch.
File : aix_IZ56318.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090730_bind_for_SL_3_0_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090730_bind_for_SL_5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090730_bind_security_for_SL_4_x.nasl - Type : ACT_GATHER_INFO
2011-05-28Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-210-01.nasl - Type : ACT_GATHER_INFO
2010-06-07Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1847.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1179.nasl - Type : ACT_GATHER_INFO
2009-11-23Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote SuSE system is missing the security patch bind-6383
File : suse_bind-6383.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_bind-6382.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12462.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_bind-090729.nasl - Type : ACT_GATHER_INFO
2009-08-13Name : The remote host is missing a Mac OS X update that fixes a denial of service i...
File : macosx_SecUpd2009-004.nasl - Type : ACT_GATHER_INFO
2009-08-03Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200908-02.nasl - Type : ACT_GATHER_INFO
2009-08-03Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_83725c917c7e11de967200e0815b8da8.nasl - Type : ACT_GATHER_INFO
2009-07-31Name : The remote SuSE system is missing a security patch for bind
File : suse_11_1_bind-090729.nasl - Type : ACT_GATHER_INFO
2009-07-31Name : The remote SuSE system is missing a security patch for bind
File : suse_11_0_bind-090729.nasl - Type : ACT_GATHER_INFO
2009-07-31Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1180.nasl - Type : ACT_GATHER_INFO
2009-07-31Name : The remote name server may be affected by a denial of service vulnerability.
File : bind9_dyn_update_DoS.nasl - Type : ACT_DENIAL
2009-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1179.nasl - Type : ACT_GATHER_INFO
2009-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1180.nasl - Type : ACT_GATHER_INFO
2009-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1181.nasl - Type : ACT_GATHER_INFO
2009-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-181.nasl - Type : ACT_GATHER_INFO
2009-07-30Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1181.nasl - Type : ACT_GATHER_INFO
2009-07-30Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-8119.nasl - Type : ACT_GATHER_INFO
2009-07-29Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-808-1.nasl - Type : ACT_GATHER_INFO
2009-07-29Name : The remote name server may be affected by a denial of service vulnerability.
File : bind9_dos3.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote host is missing Sun Security Patch number 114265-23
File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO
2007-09-25Name : The remote host is missing Sun Security Patch number 112837-24
File : solaris9_112837.nasl - Type : ACT_GATHER_INFO
2007-06-18Name : The remote host is missing Sun Security Patch number 119783-28
File : solaris10_119783.nasl - Type : ACT_GATHER_INFO
2007-06-18Name : The remote host is missing Sun Security Patch number 119784-28
File : solaris10_x86_119784.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 109326-24
File : solaris8_109326.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 109327-24
File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:52:42
  • Multiple Updates