CVE-2007-0494

high

Description

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (BIND Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

References

https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523

https://issues.rpath.com/browse/RPL-989

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

https://exchange.xforce.ibmcloud.com/vulnerabilities/31838

http://www.vupen.com/english/advisories/2007/3229

http://www.vupen.com/english/advisories/2007/2315

http://www.vupen.com/english/advisories/2007/2245

http://www.vupen.com/english/advisories/2007/2163

http://www.vupen.com/english/advisories/2007/2002

http://www.vupen.com/english/advisories/2007/1939

http://www.vupen.com/english/advisories/2007/1401

http://www.ubuntu.com/usn/usn-418-1

http://www.trustix.org/errata/2007/0005

http://www.securityfocus.com/bid/22231

http://www.redhat.com/support/errata/RHSA-2007-0057.html

http://www.redhat.com/support/errata/RHSA-2007-0044.html

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:030

http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4

http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8

http://www.isc.org/index.pl?/sw/bind/bind-security.php

http://www.debian.org/security/2007/dsa-1254

http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324

http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144

http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619

http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618

http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157

http://securitytracker.com/id?1017573

http://security.gentoo.org/glsa/glsa-200702-06.xml

http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc

http://secunia.com/advisories/27706

http://secunia.com/advisories/26909

http://secunia.com/advisories/25715

http://secunia.com/advisories/25649

http://secunia.com/advisories/25482

http://secunia.com/advisories/25402

http://secunia.com/advisories/24950

http://secunia.com/advisories/24930

http://secunia.com/advisories/24648

http://secunia.com/advisories/24284

http://secunia.com/advisories/24203

http://secunia.com/advisories/24129

http://secunia.com/advisories/24083

http://secunia.com/advisories/24054

http://secunia.com/advisories/24048

http://secunia.com/advisories/24014

http://secunia.com/advisories/23977

http://secunia.com/advisories/23974

http://secunia.com/advisories/23972

http://secunia.com/advisories/23944

http://secunia.com/advisories/23943

http://secunia.com/advisories/23924

http://secunia.com/advisories/23904

http://marc.info/?l=bind-announce&m=116968519300764&w=2

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc

http://fedoranews.org/cms/node/2537

http://fedoranews.org/cms/node/2507

http://docs.info.apple.com/article.html?artnum=305530

Details

Source: Mitre, NVD

Published: 2007-01-25

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High