VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
VRDA-090814-004     ( CVE-2009-0696 )
Apple Security Update 2009-004
http://support.apple.com/kb/HT3776

This document describes the security content of Security Update 2009-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.




About This Analysis Information
Analysis Information Provider:
JPCERT/CC
First Published:
2009-08-17
Source Information Category:
Advisory, Alert
Last Updated:
2009-08-17




Affected Product Tags
cpe:/o:apple:mac_os_x     (Apple Mac OS X)
cpe:/o:apple:mac_os_x_server     (Apple Mac OS X Server)
 


Vulnerability Analysis Results
[Information Source Reliability]
Low
Medium
X High

[Impact Level]
Low
X Low-Medium
Medium-High
High

[Access Required]
Physical
Local
Non-routed
X Routed

[Authentication]
Privileged
Standard
Limited
X None or Unnecessary

[User Interaction Required]
Complex
Simple
X None

[Technical Difficulty]
High
Medium-High
Low-Medium
Low

[Availability of Remediation]
X Official Patch
Official Workaround
Unofficial Patch
None

[Incident Activity]
None
X Exploit or PoC
Activity Observed

Alternatives
Common Vulnerabilities and Exposures (CVE) CVE-2009-0696
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.









Copyright © 2009 JPCERT/CC All Rights Reserved.