Description
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
References (66)
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:030
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0057.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31838
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22231
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0044.html
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144
Patch x_refsource_confirm
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
Various Sources x_refsource_confirm
http://www.isc.org/index.pl?/sw/bind/bind-security.php
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-418-1
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619
Patch x_refsource_confirm
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017573
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305530
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23944
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200702-06.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24129
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24048
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1939
Various Sources vendor-advisory
x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
Various Sources vendor-advisory
x_refsource_hp
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
Vendor Advisory vendor-advisory
x_refsource_openpkg
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3229
Vendor Advisory vendor-advisory
x_refsource_netbsd
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23943
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25482
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2007/0005
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1254
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25402
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24083
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25649
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24284
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24930
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24648
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2163
Mailing List vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2537
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25715
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23977
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=bind-announce&m=116968519300764&w=2
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26909
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2002
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24203
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27706
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24014
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24054
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23974
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2315
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2245
Various Sources vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-989
Various Sources x_refsource_confirm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1401
Mailing List vendor-advisory
x_refsource_fedora
http://fedoranews.org/cms/node/2507
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23904
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23924
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24950
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23972
Scores
EPSS: 0.4154
EPSS Percentile: 97.5%
Details
CWE: CWE-19
Status: published
Products (12)
isc/bind 9.0
isc/bind 9.0.0 rc1 (6 CPE variants)
isc/bind 9.0.1 (3 CPE variants)
isc/bind 9.1
isc/bind 9.1.0 rc1
isc/bind 9.1.1 (8 CPE variants)
isc/bind 9.1.2 (2 CPE variants)
isc/bind 9.1.3 (4 CPE variants)
isc/bind 9.2
isc/bind 9.2.0 (16 CPE variants)
... and 2 more
Published: Jan 25, 2007
Tracked Since: Feb 18, 2026