Home > Vulnerability Database > CVE-2007-0494

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-0494

Date: January 25, 2007

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

Severity Score

3.7

Related Resources (69)

Url: http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618

Url: http://security.gentoo.org/glsa/glsa-200702-06.xml

Url: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html

Url: http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

Url: http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619

Url: http://www.trustix.org/errata/2007/0005

Url: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1

Url: http://www.securityfocus.com/bid/22231

Url: http://fedoranews.org/cms/node/2507

Url: http://marc.info/?l=bind-announce&m=116968519300764&w=2

Url: http://secunia.com/advisories/26909

Url: http://www.isc.org/index.pl?/sw/bind/bind-security.php

Url: http://secunia.com/advisories/24129

Url: http://securitytracker.com/id?1017573

Url: http://secunia.com/advisories/24648

Url: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc

Url: http://www.vupen.com/english/advisories/2007/1939

Url: http://secunia.com/advisories/24284

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:030

Url: http://secunia.com/advisories/24048

Url: http://secunia.com/advisories/24203

Url: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc

Url: http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4

Url: http://fedoranews.org/cms/node/2537

Url: https://access.redhat.com/security/cve/CVE-2007-0494

Url: http://www.debian.org/security/2007/dsa-1254

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-0494

Url: http://www.vupen.com/english/advisories/2007/3229

Url: http://secunia.com/advisories/24930

Url: http://www.vupen.com/english/advisories/2007/1401

Url: http://secunia.com/advisories/23924

Url: http://secunia.com/advisories/24054

Url: http://www.ubuntu.com/usn/usn-418-1

Url: http://secunia.com/advisories/24014

Url: https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144

Url: http://secunia.com/advisories/25482

Url: http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324

Url: http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc

Url: http://secunia.com/advisories/23974

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157

Url: http://secunia.com/advisories/23977

Url: http://secunia.com/advisories/25715

Url: http://www.redhat.com/support/errata/RHSA-2007-0057.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/31838

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523

Url: http://secunia.com/advisories/23972

Url: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

Url: http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8

Url: http://secunia.com/advisories/24083

Url: http://docs.info.apple.com/article.html?artnum=305530

Url: http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm

Url: http://secunia.com/advisories/23904

Url: http://www.vupen.com/english/advisories/2007/2163

Url: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html

Url: http://www.vupen.com/english/advisories/2007/2002

Url: http://www.vupen.com/english/advisories/2007/2245

Url: http://secunia.com/advisories/23943

Url: http://www.vupen.com/english/advisories/2007/2315

Url: https://issues.rpath.com/browse/RPL-989

Url: http://secunia.com/advisories/23944

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495

Url: http://secunia.com/advisories/25649

Url: http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144

Url: http://secunia.com/advisories/27706

Url: http://www.redhat.com/support/errata/RHSA-2007-0044.html

Url: http://secunia.com/advisories/24950

Url: http://secunia.com/advisories/25402

Url: https://www.mend.io/vulnerability-database/CVE-2007-0494

Severity Score

3.7

Weakness Type (CWE)

Data Handling

CWE-19

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us