低危 ISC BIND up to 9.5.0a1 拒绝服务漏洞

CVE编号

CVE-2007-0494

利用情况

暂无

补丁情况

官方补丁

披露时间

2007-01-26
漏洞描述
ISC BIND 9.0.x、9.1.x、9.2.0至9.2.7、9.3.0至9.3.3、9.4.0a1至9.4.0a6、9.4.0b1至9.4.0b4、9.4.0rc1和9.5.0a1(仅限BIND Forum)允许远程攻击者通过包含多个rrset的类型*(ANY)DNS查询响应引起拒绝服务(退出),从而触发断言错误,也就是“DNSSEC验证”漏洞。
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://docs.info.apple.com/article.html?artnum=305530
http://fedoranews.org/cms/node/2507
http://fedoranews.org/cms/node/2537
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&o...
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
http://marc.info/?l=bind-announce&m=116968519300764&w=2
http://secunia.com/advisories/23904
http://secunia.com/advisories/23924
http://secunia.com/advisories/23943
http://secunia.com/advisories/23944
http://secunia.com/advisories/23972
http://secunia.com/advisories/23974
http://secunia.com/advisories/23977
http://secunia.com/advisories/24014
http://secunia.com/advisories/24048
http://secunia.com/advisories/24054
http://secunia.com/advisories/24083
http://secunia.com/advisories/24129
http://secunia.com/advisories/24203
http://secunia.com/advisories/24284
http://secunia.com/advisories/24648
http://secunia.com/advisories/24930
http://secunia.com/advisories/24950
http://secunia.com/advisories/25402
http://secunia.com/advisories/25482
http://secunia.com/advisories/25649
http://secunia.com/advisories/25715
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
http://security.gentoo.org/glsa/glsa-200702-06.xml
http://securitytracker.com/id?1017573
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackw...
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324
http://www.debian.org/security/2007/dsa-1254
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
http://www.mandriva.com/security/advisories?name=MDKSA-2007:030
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
http://www.redhat.com/support/errata/RHSA-2007-0044.html
http://www.redhat.com/support/errata/RHSA-2007-0057.html
http://www.securityfocus.com/bid/22231
http://www.trustix.org/errata/2007/0005
http://www.ubuntu.com/usn/usn-418-1
http://www.vupen.com/english/advisories/2007/1401
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/2002
http://www.vupen.com/english/advisories/2007/2163
http://www.vupen.com/english/advisories/2007/2245
http://www.vupen.com/english/advisories/2007/2315
http://www.vupen.com/english/advisories/2007/3229
https://exchange.xforce.ibmcloud.com/vulnerabilities/31838
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://issues.rpath.com/browse/RPL-989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 isc bind 9.0 -
运行在以下环境
应用 isc bind 9.0.0 -
运行在以下环境
应用 isc bind 9.0.1 -
运行在以下环境
应用 isc bind 9.1 -
运行在以下环境
应用 isc bind 9.1.0 -
运行在以下环境
应用 isc bind 9.1.1 -
运行在以下环境
应用 isc bind 9.1.2 -
运行在以下环境
应用 isc bind 9.1.3 -
运行在以下环境
应用 isc bind 9.2 -
运行在以下环境
应用 isc bind 9.2.0 -
运行在以下环境
应用 isc bind 9.2.1 -
运行在以下环境
应用 isc bind 9.2.2 -
运行在以下环境
应用 isc bind 9.2.3 -
运行在以下环境
应用 isc bind 9.2.4 -
运行在以下环境
应用 isc bind 9.2.5 -
运行在以下环境
应用 isc bind 9.2.6 -
运行在以下环境
应用 isc bind 9.3 -
运行在以下环境
应用 isc bind 9.3.0 -
运行在以下环境
应用 isc bind 9.3.1 -
运行在以下环境
应用 isc bind 9.3.2 -
运行在以下环境
应用 isc bind 9.4.0 -
运行在以下环境
应用 isc bind 9.5.0 -
运行在以下环境
系统 debian_10 bind9 * Up to
(excluding)
1:9.3.4-2
运行在以下环境
系统 debian_11 bind9 * Up to
(excluding)
1:9.3.4-2
运行在以下环境
系统 debian_12 bind9 * Up to
(excluding)
1:9.3.4-2
运行在以下环境
系统 debian_3.1 bind9 * Up to
(excluding)
1:9.2.4-1sarge2
运行在以下环境
系统 oracle_5 oraclelinux-release * Up to
(excluding)
9.3.3-8.el5
运行在以下环境
系统 redhat_5 bind * Up to
(excluding)
30:9.3.3-8.el5
阿里云评分
2.3
  • 攻击路径
    本地
  • 攻击复杂度
    困难
  • 权限要求
    普通权限
  • 影响范围
    有限影响
  • EXP成熟度
    未验证
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    无影响
  • 服务器危害
    无影响
  • 全网数量
    -
CWE-ID 漏洞类型
阿里云安全产品覆盖情况