CVE-2009-0696
EXPLOITED IN THE WILDISC BIND 9.4-9.4.3-P2, 9.5-9.5.1-P2, 9.6-9.6.1 - Denial of Service via ANY Record in Dynamic Update
Title source: llmExploitation Summary
CVE-2009-0696 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including kingcope.
AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2009-0696, targeting a denial-of-service vulnerability in ISC BIND 9. It crafts a malformed Dynamic Update message to trigger a crash in the DNS server.
Description
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.
Exploits (1)
This is a proof-of-concept exploit for CVE-2009-0696, targeting a denial-of-service vulnerability in ISC BIND 9. It crafts a malformed Dynamic Update message to trigger a crash in the DNS server.