CVE-2009-0696

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.

Affected Software

Name	Vendor	Start Version	End Version
Bind	Isc	9.4 (including)	9.4 (including)
Bind	Isc	9.4.0 (including)	9.4.0 (including)
Bind	Isc	9.4.0-a1 (including)	9.4.0-a1 (including)
Bind	Isc	9.4.0-a2 (including)	9.4.0-a2 (including)
Bind	Isc	9.4.0-a3 (including)	9.4.0-a3 (including)
Bind	Isc	9.4.0-a4 (including)	9.4.0-a4 (including)
Bind	Isc	9.4.0-a5 (including)	9.4.0-a5 (including)
Bind	Isc	9.4.0-a6 (including)	9.4.0-a6 (including)
Bind	Isc	9.4.0-b1 (including)	9.4.0-b1 (including)
Bind	Isc	9.4.0-b2 (including)	9.4.0-b2 (including)
Bind	Isc	9.4.0-b3 (including)	9.4.0-b3 (including)
Bind	Isc	9.4.0-b4 (including)	9.4.0-b4 (including)
Bind	Isc	9.4.0-rc1 (including)	9.4.0-rc1 (including)
Bind	Isc	9.4.0-rc2 (including)	9.4.0-rc2 (including)
Bind	Isc	9.4.1 (including)	9.4.1 (including)
Bind	Isc	9.4.2 (including)	9.4.2 (including)
Bind	Isc	9.4.2-rc1 (including)	9.4.2-rc1 (including)
Bind	Isc	9.4.2-rc2 (including)	9.4.2-rc2 (including)
Bind	Isc	9.4.3 (including)	9.4.3 (including)
Bind	Isc	9.4.3-b1 (including)	9.4.3-b1 (including)
Bind	Isc	9.4.3-b2 (including)	9.4.3-b2 (including)
Bind	Isc	9.4.3-b3 (including)	9.4.3-b3 (including)
Bind	Isc	9.4.3-p2 (including)	9.4.3-p2 (including)
Bind	Isc	9.5 (including)	9.5 (including)
Bind	Isc	9.5.0 (including)	9.5.0 (including)
Bind	Isc	9.5.0-a1 (including)	9.5.0-a1 (including)
Bind	Isc	9.5.0-a2 (including)	9.5.0-a2 (including)
Bind	Isc	9.5.0-a3 (including)	9.5.0-a3 (including)
Bind	Isc	9.5.0-a4 (including)	9.5.0-a4 (including)
Bind	Isc	9.5.0-a5 (including)	9.5.0-a5 (including)
Bind	Isc	9.5.0-a6 (including)	9.5.0-a6 (including)
Bind	Isc	9.5.0-a7 (including)	9.5.0-a7 (including)
Bind	Isc	9.5.0-b1 (including)	9.5.0-b1 (including)
Bind	Isc	9.5.0-b2 (including)	9.5.0-b2 (including)
Bind	Isc	9.5.0-b3 (including)	9.5.0-b3 (including)
Bind	Isc	9.5.0-p1 (including)	9.5.0-p1 (including)
Bind	Isc	9.5.0-p2 (including)	9.5.0-p2 (including)
Bind	Isc	9.5.0-p2_w1 (including)	9.5.0-p2_w1 (including)
Bind	Isc	9.5.0-p2_w2 (including)	9.5.0-p2_w2 (including)
Bind	Isc	9.6 (including)	9.6 (including)
Bind	Isc	9.6-r1 (including)	9.6-r1 (including)
Bind	Isc	9.6-r2 (including)	9.6-r2 (including)
Bind	Isc	9.6-r3 (including)	9.6-r3 (including)
Bind	Isc	9.6-r4 (including)	9.6-r4 (including)
Bind	Isc	9.6-r4_p1 (including)	9.6-r4_p1 (including)
Bind	Isc	9.6-r5 (including)	9.6-r5 (including)
Bind	Isc	9.6-r5_b1 (including)	9.6-r5_b1 (including)
Bind	Isc	9.6-r5_p1 (including)	9.6-r5_p1 (including)
Bind	Isc	9.6-r6 (including)	9.6-r6 (including)
Bind	Isc	9.6-r6_b1 (including)	9.6-r6_b1 (including)
Bind	Isc	9.6-r6_rc1 (including)	9.6-r6_rc1 (including)
Bind	Isc	9.6-r6_rc2 (including)	9.6-r6_rc2 (including)
Bind	Isc	9.6-r7 (including)	9.6-r7 (including)
Bind	Isc	9.6-r7_p1 (including)	9.6-r7_p1 (including)
Bind	Isc	9.6-r7_p2 (including)	9.6-r7_p2 (including)
Bind	Isc	9.6-r9 (including)	9.6-r9 (including)
Bind	Isc	9.6-r9_p1 (including)	9.6-r9_p1 (including)
Bind	Isc	9.6.0 (including)	9.6.0 (including)
Bind	Isc	9.6.0-a1 (including)	9.6.0-a1 (including)
Bind	Isc	9.6.0-b1 (including)	9.6.0-b1 (including)
Bind	Isc	9.6.0-p1 (including)	9.6.0-p1 (including)
Bind	Isc	9.6.0-rc1 (including)	9.6.0-rc1 (including)
Bind	Isc	9.6.0-rc2 (including)	9.6.0-rc2 (including)
Bind	Isc	9.6.1 (including)	9.6.1 (including)
Bind	Isc	9.6.1-b1 (including)	9.6.1-b1 (including)
Red Hat Enterprise Linux 3	RedHat	bind-20:9.2.4-25.el3	*
Red Hat Enterprise Linux 4	RedHat	bind-20:9.2.4-30.el4_8.4	*
Red Hat Enterprise Linux 5	RedHat	bind-30:9.3.4-10.P1.el5_3.3	*
Bind9	Ubuntu	dapper	*
Bind9	Ubuntu	hardy	*
Bind9	Ubuntu	intrepid	*
Bind9	Ubuntu	jaunty	*
Bind9	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0696
CWE	https://cwe.mitre.org/data/definitions/16.html

Affected Software

References