VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
VRDA-090729-001     ( CVE-2009-0696 | JVNVU#725188 | VU#725188 )
BIND Dynamic Update DoS
https://www.isc.org/node/474

Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.




About This Analysis Information
Analysis Information Provider:
 		JPCERT/CC
 		First Published:
 		2009-07-29
Source Information Category:
 		Advisory, Alert
 		Last Updated:
 		2009-07-29




Affected Product Tags
cpe:/a:isc:bind     (ISC BIND)
 


Vulnerability Analysis Results
[Information Source Reliability] [?]
Low [?]

Medium [?]
X High [?]
[Impact Level] [?]
Low [?]

Low-Medium [?]
X Medium-High [?]
High [?]
[Access Required] [?]
Physical [?]

Local [?]
Non-routed [?]
X Routed [?]
[Authentication] [?]
Privileged [?]

Standard [?]
Limited [?]
X None or Unnecessary [?]
[User Interaction Required] [?]
Complex [?]

Simple [?]
X None [?]
[Technical Difficulty] [?]
High [?]

Medium-High [?]
Low-Medium [?]
Low [?]
[Availability of Remediation] [?]
X Official Patch [?]

Official Workaround [?]
Unofficial Patch [?]
None [?]
[Incident Activity] [?]
None [?]

X Exploit or PoC [?]
Activity Observed [?]
Alternatives
Common Vulnerabilities and Exposures (CVE) CVE-2009-0696




JVN JVNVU#725188 ISC BIND 9 におけるサービス運用妨害 (DoS) の脆弱性
Internet Systems Consortium (ISC) が提供する BIND 9 には、サービス運用妨害 (DoS) の脆弱性が存在します。




US-CERT Vulnerability Note VU#725188 ISC BIND 9 vulnerable to denial of service via dynamic update request
ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.








References
Copyright © 2009 JPCERT/CC All Rights Reserved.