Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://www.kb.cert.org/vuls/id/725188
https://www.isc.org/node/474
http://www.vuxml.org/freebsd/83725c91-7c7e-11de-9672-00e0815b8da8.html
Insight
The following packages are affected:
bind9
bind9-sdb-postgresql
bind9-sdb-ldap
CVE-2009-0696
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.
Severity
Classification
-
CVE CVE-2009-0696 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities