ISC BIND 9 Remote Dynamic Update Message Denial Of Service Vulnerability Network Vulnerability

Summary

ISC BIND is prone to a remote denial-of-service vulnerability because the application fails to properly handle specially crafted dynamic update requests. Successfully exploiting this issue allows remote attackers to crash affected DNS servers, denying further service to legitimate users. Versions prior to BIND 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 are vulnerable.

Solution

The vendor released an advisory and fixes to address this issue. Please see the references for more information.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
http://www.isc.org/products/BIND/
http://www.kb.cert.org/vuls/id/725188
http://www.securityfocus.com/bid/35848
https://bugzilla.redhat.com/show_bug.cgi?id=514292

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0696

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
FreeSWITCH 'switch_regex.c' Multiple Buffer Overflow Vulnerabilities
freeFTPD PORT Command Denial of Service Vulnerability
CUPS Denial of Service Vulnerability - Jun09

ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability

Take action and discover your vulnerabilities