Main Vulnerability Database Vulnerabilities #VU6168

#VU6168 Assertion failure in ISC BIND - CVE-2009-0696

Published: March 24, 2017 / Updated: May 7, 2023

Vulnerability identifier: #VU6168

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2009-0696

CWE-ID: CWE-617

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
ISC BIND

Software vendor:
ISC

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to assertion failure in dns_db_findrdataset() function within db.c when named is configured as a master server. A remote unauthenticated attacker can send an ANY record in the prerequisite section of a crafted dynamic update message and trigger assertion failure and daemon exit.

Successful exploitation of this vulnerability may allow an attacker to perform denial of service (DoS) attack.

Note: this vulnerability is being actively exploited.

Remediation

Update to version 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1.

External links

https://www.kb.cert.org/vuls/id/725188

#VU6168 Assertion failure in ISC BIND - CVE-2009-0696

Description

Remediation

External links

Please verify you're human