CVE-2009-0696

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

Affected Software

Name	Vendor	Start Version	End Version
Bind	Isc	9.4 (including)	9.4 (including)
Bind	Isc	9.4.0 (including)	9.4.0 (including)
Bind	Isc	9.4.0-a1 (including)	9.4.0-a1 (including)
Bind	Isc	9.4.0-a2 (including)	9.4.0-a2 (including)
Bind	Isc	9.4.0-a3 (including)	9.4.0-a3 (including)
Bind	Isc	9.4.0-a4 (including)	9.4.0-a4 (including)
Bind	Isc	9.4.0-a5 (including)	9.4.0-a5 (including)
Bind	Isc	9.4.0-a6 (including)	9.4.0-a6 (including)
Bind	Isc	9.4.0-b1 (including)	9.4.0-b1 (including)
Bind	Isc	9.4.0-b2 (including)	9.4.0-b2 (including)
Bind	Isc	9.4.0-b3 (including)	9.4.0-b3 (including)
Bind	Isc	9.4.0-b4 (including)	9.4.0-b4 (including)
Bind	Isc	9.4.0-rc1 (including)	9.4.0-rc1 (including)
Bind	Isc	9.4.0-rc2 (including)	9.4.0-rc2 (including)
Bind	Isc	9.4.1 (including)	9.4.1 (including)
Bind	Isc	9.4.2 (including)	9.4.2 (including)
Bind	Isc	9.4.2-rc1 (including)	9.4.2-rc1 (including)
Bind	Isc	9.4.2-rc2 (including)	9.4.2-rc2 (including)
Bind	Isc	9.4.3 (including)	9.4.3 (including)
Bind	Isc	9.4.3-b1 (including)	9.4.3-b1 (including)
Bind	Isc	9.4.3-b2 (including)	9.4.3-b2 (including)
Bind	Isc	9.4.3-b3 (including)	9.4.3-b3 (including)
Bind	Isc	9.4.3-p2 (including)	9.4.3-p2 (including)
Bind	Isc	9.5 (including)	9.5 (including)
Bind	Isc	9.5.0 (including)	9.5.0 (including)
Bind	Isc	9.5.0-a1 (including)	9.5.0-a1 (including)
Bind	Isc	9.5.0-a2 (including)	9.5.0-a2 (including)
Bind	Isc	9.5.0-a3 (including)	9.5.0-a3 (including)
Bind	Isc	9.5.0-a4 (including)	9.5.0-a4 (including)
Bind	Isc	9.5.0-a5 (including)	9.5.0-a5 (including)
Bind	Isc	9.5.0-a6 (including)	9.5.0-a6 (including)
Bind	Isc	9.5.0-a7 (including)	9.5.0-a7 (including)
Bind	Isc	9.5.0-b1 (including)	9.5.0-b1 (including)
Bind	Isc	9.5.0-b2 (including)	9.5.0-b2 (including)
Bind	Isc	9.5.0-b3 (including)	9.5.0-b3 (including)
Bind	Isc	9.5.0-p1 (including)	9.5.0-p1 (including)
Bind	Isc	9.5.0-p2 (including)	9.5.0-p2 (including)
Bind	Isc	9.5.0-p2_w1 (including)	9.5.0-p2_w1 (including)
Bind	Isc	9.5.0-p2_w2 (including)	9.5.0-p2_w2 (including)
Bind	Isc	9.6 (including)	9.6 (including)
Bind	Isc	9.6-r1 (including)	9.6-r1 (including)
Bind	Isc	9.6-r2 (including)	9.6-r2 (including)
Bind	Isc	9.6-r3 (including)	9.6-r3 (including)
Bind	Isc	9.6-r4 (including)	9.6-r4 (including)
Bind	Isc	9.6-r4_p1 (including)	9.6-r4_p1 (including)
Bind	Isc	9.6-r5 (including)	9.6-r5 (including)
Bind	Isc	9.6-r5_b1 (including)	9.6-r5_b1 (including)
Bind	Isc	9.6-r5_p1 (including)	9.6-r5_p1 (including)
Bind	Isc	9.6-r6 (including)	9.6-r6 (including)
Bind	Isc	9.6-r6_b1 (including)	9.6-r6_b1 (including)
Bind	Isc	9.6-r6_rc1 (including)	9.6-r6_rc1 (including)
Bind	Isc	9.6-r6_rc2 (including)	9.6-r6_rc2 (including)
Bind	Isc	9.6-r7 (including)	9.6-r7 (including)
Bind	Isc	9.6-r7_p1 (including)	9.6-r7_p1 (including)
Bind	Isc	9.6-r7_p2 (including)	9.6-r7_p2 (including)
Bind	Isc	9.6-r9 (including)	9.6-r9 (including)
Bind	Isc	9.6-r9_p1 (including)	9.6-r9_p1 (including)
Bind	Isc	9.6.0 (including)	9.6.0 (including)
Bind	Isc	9.6.0-a1 (including)	9.6.0-a1 (including)
Bind	Isc	9.6.0-b1 (including)	9.6.0-b1 (including)
Bind	Isc	9.6.0-p1 (including)	9.6.0-p1 (including)
Bind	Isc	9.6.0-rc1 (including)	9.6.0-rc1 (including)
Bind	Isc	9.6.0-rc2 (including)	9.6.0-rc2 (including)
Bind	Isc	9.6.1 (including)	9.6.1 (including)
Bind	Isc	9.6.1-b1 (including)	9.6.1-b1 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0696
CWE	https://cwe.mitre.org/data/definitions/16.html

Affected Software

References