exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2007-0494

Status Candidate

Overview

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

Related Files

HP Security Bulletin HPSBOV03540 1
Posted Jan 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03540 1 - Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2007-0493, CVE-2007-0494, CVE-2008-0122, CVE-2009-4022, CVE-2010-0097, CVE-2012-1667, CVE-2012-4244, CVE-2012-5166
SHA-256 | 172ff73cf346da8d896484da1bbb74a962da41e89f917e23789840d3a1898675
VMware Security Advisory 2007-0006
Posted Sep 20, 2007
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates have been released for arbitrary code execution, denial of service, and other various vulnerabilities in VMware.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2007-2446, CVE-2007-2447, CVE-2007-0494, CVE-2007-2442, CVE-2007-2443, CVE-2007-2798, CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4059, CVE-2007-4155, CVE-2007-4496, CVE-2007-4497, CVE-2007-1856, CVE-2006-1174, CVE-2006-4600, CVE-2004-0813, CVE-2007-1716
SHA-256 | f186f94a09bad9dba4b82b1daa59265b1954d193e8533587d0fe2348c1f58bec
HP Security Bulletin 2006-12.73
Posted Jun 13, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2007-4339, CVE-2007-0493, CVE-2007-0494
SHA-256 | 2217842d73d06448af25ea5ab8eb0545dee6d770867809d5de54836a852b4047
HP Security Bulletin 2007-13.4
Posted Apr 19, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | unix
advisories | CVE-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2007-0493, CVE-2007-0494
SHA-256 | 0797a1c3b43486be060117b3832720006fb08eef29b1802532b5a91390b0e977
Gentoo Linux Security Advisory 200702-6
Posted Feb 20, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200702-06 - An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to type ANY queries with multiple RRsets. Versions less than 9.3.4 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-0493, CVE-2007-0494
SHA-256 | 791bff594c1ce471290ec2178d47f2f7298fc4c9f324c2479b19b5f076bd824e
FreeBSD-SA-07-02.bind.txt
Posted Feb 13, 2007
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.

tags | advisory, remote, denial of service
systems | freebsd
advisories | CVE-2007-0493, CVE-2007-0494
SHA-256 | 8468eb2d18ed5e62f05cc1b12e5a16a332d905bf12993f6630719308f3901887
Ubuntu Security Notice 418-1
Posted Feb 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 418-1 - A flaw was discovered in Bind's DNSSEC validation code. Remote attackers could send a specially crafted DNS query which would cause the Bind server to crash, resulting in a denial of service. Only servers configured to use DNSSEC extensions were vulnerable.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2007-0493, CVE-2007-0494
SHA-256 | 4e27064239e27efad0867437ada801b295703285f25ca38ca440f58e4547cb08
Mandriva Linux Security Advisory 2007.030
Posted Jan 31, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2007-0493, CVE-2007-0494
SHA-256 | 22104610fef5336817ef5f7591218626c8c9e5e0458b299194943ab75d9d9362
OpenPKG Security Advisory 2007.7
Posted Jan 30, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".

tags | advisory, remote, denial of service
advisories | CVE-2007-0493, CVE-2007-0494
SHA-256 | efdefa323f0250b7bbccf97b1808ac633e806735791adbf26f360bd1575549c6
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close