what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2007-0494

Status Candidate

Overview

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

Related Files

HP Security Bulletin HPSBOV03540 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03540 1 - Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2007-0493, CVE-2007-0494, CVE-2008-0122, CVE-2009-4022, CVE-2010-0097, CVE-2012-1667, CVE-2012-4244, CVE-2012-5166
MD5 | 595a4df292feaba6a50f97e0a2a55b79
VMware Security Advisory 2007-0006
Posted Sep 20, 2007
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates have been released for arbitrary code execution, denial of service, and other various vulnerabilities in VMware.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2007-2446, CVE-2007-2447, CVE-2007-0494, CVE-2007-2442, CVE-2007-2443, CVE-2007-2798, CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4059, CVE-2007-4155, CVE-2007-4496, CVE-2007-4497, CVE-2007-1856, CVE-2006-1174, CVE-2006-4600, CVE-2004-0813, CVE-2007-1716
MD5 | 75a1ac8862ee8690edac336336695646
HP Security Bulletin 2006-12.73
Posted Jun 13, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2007-4339, CVE-2007-0493, CVE-2007-0494
MD5 | 74a843699337ab3d17789ce803e731a0
HP Security Bulletin 2007-13.4
Posted Apr 19, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | unix
advisories | CVE-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2007-0493, CVE-2007-0494
MD5 | aca30274a0222d588d8c6901112ef997
Gentoo Linux Security Advisory 200702-6
Posted Feb 20, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200702-06 - An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to type ANY queries with multiple RRsets. Versions less than 9.3.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | 10a59ea72a839fc8b8c79974e0e057a1
FreeBSD-SA-07-02.bind.txt
Posted Feb 13, 2007
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | 7dd0ce5e15ea2a438e64c71a1c893c96
Ubuntu Security Notice 418-1
Posted Feb 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 418-1 - A flaw was discovered in Bind's DNSSEC validation code. Remote attackers could send a specially crafted DNS query which would cause the Bind server to crash, resulting in a denial of service. Only servers configured to use DNSSEC extensions were vulnerable.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | 41abac30121fdc265f3ded01646f1ed8
Mandriva Linux Security Advisory 2007.030
Posted Jan 31, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | d06c0a7f871f388b7272710bf3a0e971
OpenPKG Security Advisory 2007.7
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".

tags | advisory, remote, denial of service
advisories | CVE-2007-0493, CVE-2007-0494
MD5 | ef98c338e7f5a017b8877bfeaad6e259
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close