Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:
CVE Vulnerabilities
40599
Checklists
129
US-CERT Alerts
191
US-CERT Vuln Notes
2369
OVAL Queries
2517
CPE Names
20312

Last updated: Tue Feb 09 19:31:33 EST 2010

CVE Publication rate: 10.17

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 5.79

About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber-Alert System

Vulnerability Summary for CVE-2009-0696

Original release date:07/29/2009
Last revised:12/19/2009
Source: US-CERT/NIST

Overview

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#725188
Name: VU#725188
Hyperlink:http://www.kb.cert.org/vuls/id/725188
External Source: CONFIRM
Name: https://www.isc.org/node/474
Type: Advisory; Patch Information
Hyperlink:https://www.isc.org/node/474
External Source: FEDORA
Name: FEDORA-2009-8119
Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html
External Source: VUPEN
Name: ADV-2009-3316
Hyperlink:http://www.vupen.com/english/advisories/2009/3316
External Source: VUPEN
Name: ADV-2009-2247
Hyperlink:http://www.vupen.com/english/advisories/2009/2247
External Source: VUPEN
Name: ADV-2009-2171
Hyperlink:http://www.vupen.com/english/advisories/2009/2171
External Source: VUPEN
Name: ADV-2009-2088
Hyperlink:http://www.vupen.com/english/advisories/2009/2088
External Source: VUPEN
Name: ADV-2009-2036
Hyperlink:http://www.vupen.com/english/advisories/2009/2036
External Source: CONFIRM
Name: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Hyperlink:http://www.vmware.com/security/advisories/VMSA-2009-0016.html
External Source: UBUNTU
Name: USN-808-1
Hyperlink:http://www.ubuntu.com/usn/usn-808-1
External Source: SLACKWARE
Name: SSA:2009-210-01
Hyperlink:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499
External Source: SECTRACK
Name: 1022613
Hyperlink:http://www.securitytracker.com/id?1022613
External Source: BUGTRAQ
Name: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
External Source: BUGTRAQ
Name: 20090729 rPSA-2009-0113-1 bind bind-utils
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/505403/100/0/threaded
External Source: OPENBSD
Name: [4.4] 014: RELIABILITY FIX: July 29, 2009
Hyperlink:http://www.openbsd.org/errata44.html#014_bind
External Source: CONFIRM
Name: http://wiki.rpath.com/Advisories:rPSA-2009-0113
Hyperlink:http://wiki.rpath.com/Advisories:rPSA-2009-0113
External Source: CONFIRM
Name: http://up2date.astaro.com/2009/08/up2date_7505_released.html
Hyperlink:http://up2date.astaro.com/2009/08/up2date_7505_released.html
External Source: SUNALERT
Name: 264828
Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1
External Source: SECUNIA
Name: 37471
Hyperlink:http://secunia.com/advisories/37471
External Source: SECUNIA
Name: 36192
Hyperlink:http://secunia.com/advisories/36192
External Source: SECUNIA
Name: 36098
Hyperlink:http://secunia.com/advisories/36098
External Source: SECUNIA
Name: 36086
Hyperlink:http://secunia.com/advisories/36086
External Source: SECUNIA
Name: 36063
Hyperlink:http://secunia.com/advisories/36063
External Source: SECUNIA
Name: 36056
Hyperlink:http://secunia.com/advisories/36056
External Source: SECUNIA
Name: 36053
Hyperlink:http://secunia.com/advisories/36053
External Source: SECUNIA
Name: 36050
Hyperlink:http://secunia.com/advisories/36050
External Source: SECUNIA
Name: 36038
Hyperlink:http://secunia.com/advisories/36038
External Source: SECUNIA
Name: 36035
Hyperlink:http://secunia.com/advisories/36035
External Source: CONFIRM
Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
External Source: CONFIRM
Name: http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc
Hyperlink:http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc
External Source: NETBSD
Name: NetBSD-SA2009-013
Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc

Vulnerable software and versions

Nav control imageConfiguration 1
spacerNav control imageOR
spacerspacerNav control image* cpe:/a:isc:bind:9.4
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0:rc1
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0a1
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0a2
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0a3
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0a4
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0a5
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0a6
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0b1
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0b2
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0b3
spacerspacerNav control image* cpe:/a:isc:bind:9.4.0b4
spacerspacerNav control image* cpe:/a:isc:bind:9.4.1
spacerspacerNav control image* cpe:/a:isc:bind:9.4.2
spacerspacerNav control image* cpe:/a:isc:bind:9.4.2-p2-w1:windows
spacerspacerNav control image* cpe:/a:isc:bind:9.4.3
spacerspacerNav control image* cpe:/a:isc:bind:9.4.3:rc1
spacerspacerNav control image* cpe:/a:isc:bind:9.4.3b1
spacerspacerNav control image* cpe:/a:isc:bind:9.4.3b2
spacerspacerNav control image* cpe:/a:isc:bind:9.4.3b3
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0-p2
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0-p2-w2
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0-p2-w1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0-p1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0b1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a7
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a6
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0
spacerspacerNav control image* cpe:/a:isc:bind:9.5.1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0:rc1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0b3
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0b2
spacerspacerNav control image* cpe:/a:isc:bind:9.5.1:rc1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.1b3
spacerspacerNav control image* cpe:/a:isc:bind:9.5.1b2
spacerspacerNav control image* cpe:/a:isc:bind:9.5.1b1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a4
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a5
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a1::bind_forum
spacerspacerNav control image* cpe:/a:isc:bind:9.5.1:rc2
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a2
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a3
spacerspacerNav control image* cpe:/a:isc:bind:9.5
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0a1
spacerspacerNav control image* cpe:/a:isc:bind:9.5.0-p2-w1:windows
spacerspacerNav control image* cpe:/a:isc:bind:9.6.0
spacerspacerNav control image* cpe:/a:isc:bind:9.6.0b1
spacerspacerNav control image* cpe:/a:isc:bind:9.6.0a1
spacerspacerNav control image* cpe:/a:isc:bind:9.6.0:p1
spacerspacerNav control image* cpe:/a:isc:bind:9.6.0:rc2
spacerspacerNav control image* cpe:/a:isc:bind:9.6.0:rc1
spacerspacerNav control image* cpe:/a:isc:bind:9.4.3:p2
spacerspacerNav control image* cpe:/a:isc:bind:9.6.1
* Denotes Vulnerable Software
* Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)
CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696