(HP Issues Fix for HP-UX) BIND Memory Dereference Bug Lets Remote Users Crash the Name Server

SecurityTracker Alert ID: 1018228
SecurityTracker URL: http://securitytracker.com/id?1018228
CVE Reference: CVE-2007-0493
Date: Jun 12 2007
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: HP Security Bulletin
Version(s): 9.3.0 - 9.3.3, 9.4.x prior to 9.4.0rc2

Description: A vulnerability was reported in BIND. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to cause the target 'named' service to dereference a freed fetch context and potentially crash.
The following versions are affected:
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1, 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1 (Bind Forum only)

Impact: A remote user can cause the target name service to crash.

Solution: HP has issued the following fixes.
BIND v9.2.0, HP-UX B.11.11: revision B.11.11.01.009 or subsequent (see advisory for download instructions)
BIND v9.2.0, HP-UX B.11.23: PHNE_35920 or subsequent (available at: http://itrc.hp.com)
BIND v9.3.2, HP-UX B.11.11: revision C.9.3.2.1.0 or subsequent (available at: http://www.hp.com/go/softwaredepot)
BIND v9.3.2, HP-UX B.11.23: revision C.9.3.2.1.0 or subsequent (available at: http://www.hp.com/go/softwaredepot)
The HP advisory is available at:
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01070495

Vendor URL: www.isc.org/
Cause: State error
Underlying OS: UNIX (HP/UX)
Underlying OS Comments: 11.11, 11.23

Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Tue, 12 Jun 2007 13:49:42 -0400
Subject: HP-UX Running BIND, Remote Denial of Service (DoS)

https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01070495
CVE-2006-4339
CVE-2007-0493
CVE-2007-0494