Launchpad.net

CVE 2009-0696

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

Related bugs and status

CVE-2009-0696 (Candidate) is related to these bugs:

Bug #406122: BIND Dynamic Update DoS

		In	Importance	Status
406122	BIND Dynamic Update DoS	bind9 (Ubuntu)	High	Fix Released
406122	BIND Dynamic Update DoS	bind9 (Ubuntu Dapper)	High	Fix Released
406122	BIND Dynamic Update DoS	bind9 (Ubuntu Hardy)	High	Fix Released
406122	BIND Dynamic Update DoS	bind9 (Ubuntu Karmic)	High	Fix Released
406122	BIND Dynamic Update DoS	bind9 (Ubuntu Jaunty)	High	Fix Released
406122	BIND Dynamic Update DoS	bind9 (Ubuntu Intrepid)	High	Fix Released
406122	BIND Dynamic Update DoS	bind9 (Debian)	Unknown	Fix Released
406122	BIND Dynamic Update DoS	bind9 (Fedora)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.isc.org/no...
OPENBSD: [4.4] 014: RELIABILITY...
SUNALERT: 264828
UBUNTU: USN-808-1
CERT-VN: VU#725188
SECUNIA: 36053
CONFIRM: http://wiki.rpath.com/...
SECTRACK: 1022613
VUPEN: ADV-2009-2036
VUPEN: ADV-2009-2088
CONFIRM: http://aix.software.ib...
CONFIRM: http://bugs.debian.org...
NETBSD: NetBSD-SA2009-013
SECUNIA: 36038
SECUNIA: 36050
SECUNIA: 36056
SECUNIA: 36063
SECUNIA: 36086
SECUNIA: 36098
SECUNIA: 36192
VUPEN: ADV-2009-2171
FEDORA: FEDORA-2009-8119
SECUNIA: 36035
CONFIRM: http://up2date.astaro....
VUPEN: ADV-2009-2247
CONFIRM: http://www.vmware.com/...
SECUNIA: 37471
VUPEN: ADV-2009-3316
CONFIRM: ftp://ftp.sco.com/pub/...
SECUNIA: 39334
SUNALERT: 1020788
SLACKWARE: SSA:2009-210-01
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090729 rPSA-2009-011...
BUGTRAQ: 20091120 VMSA-2009-001...