(HP Issues Fix for HP-UX) BIND Memory Deference Bug Lets Remote Users Crash the Name Server
|
|
SecurityTracker Alert ID: 1018228 |
|
SecurityTracker URL: http://securitytracker.com/id/1018228
|
|
CVE Reference:
CVE-2007-0493
(Links to External Site)
|
Date: Jun 12 2007
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 9.3.0 - 9.3.3, 9.4.x prior to 9.4.0rc2
|
Description:
A vulnerability was reported in BIND. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to cause the target 'named' service to dereference a freed fetch context and potentially crash.
The following versions are affected:
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1, 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1 (Bind Forum only)
|
Impact:
A remote user can cause the target name service to crash.
|
Solution:
HP has issued the following fixes.
BIND v9.2.0, HP-UX B.11.11:
revision B.11.11.01.009 or subsequent (see advisory for download instructions)
BIND v9.2.0, HP-UX B.11.23:
PHNE_35920 or subsequent (available at: http://itrc.hp.com)
BIND v9.3.2, HP-UX B.11.11:
revision C.9.3.2.1.0 or subsequent (available at: http://www.hp.com/go/softwaredepot)
BIND v9.3.2, HP-UX B.11.23:
revision C.9.3.2.1.0 or subsequent (available at: http://www.hp.com/go/softwaredepot)
The HP advisory is available at:
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01070495
|
Vendor URL: www.isc.org/ (Links to External Site)
|
Cause:
State error
|
Underlying OS:
UNIX (HP/UX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 12 Jun 2007 13:49:42 -0400
Subject: HP-UX Running BIND, Remote Denial of Service (DoS)
|
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01070495
CVE-2006-4339
CVE-2007-0493
CVE-2007-0494
|
|
