(HP Issues Fix for HP-UX) BIND Dynamic Update Bug in dns_db_findrdataset() Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1022681 |
|
SecurityTracker URL: http://securitytracker.com/id/1022681
|
|
CVE Reference:
CVE-2009-0696
(Links to External Site)
|
Date: Aug 7 2009
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 9.4 prior to 9.4.3-P3, 9.5 prior to 9.5.1-P3, 9.6 prior to 9.6.1-P1
|
Description:
A vulnerability was reported in BIND. A remote user can cause denial of service conditions.
A remote user can send a specially crafted dynamic update message to a target DNS server that is a master for one or more DNS zones to cause the target DNS service to crash. Slave zones are not affected.
The flaw resides in dns_db_findrdataset() in 'db.c'.
This vulnerability is being actively exploited.
Matthias Urlichs reported this vulnerability.
|
Impact:
A remote user can cause the target DNS service to crash.
|
Solution:
HP has issued a fix for HP-UX.
The HP advisory is available at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01835108
|
Vendor URL: www.isc.org/node/474 (Links to External Site)
|
Cause:
State error
|
Underlying OS:
UNIX (HP/UX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 6 Aug 2009 21:23:02 -0400
Subject: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01835108
|
HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01835108
CVE-2009-0696
|
|
