CVE-2009-0696

Name of the Vulnerable Software and Affected Versions ISC BIND versions prior to 9.4.3-P3 ISC BIND versions prior to 9.5.1-P3 ISC BIND versions prior to 9.6.1-P1 liblwres40 (affected versions not specified) libisccfg40 (affected versions not specified) libisc45 (affected versions not specified) libisccc40 (affected versions not specified) libdns45 (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the ISC BIND software and various Debian GNU/Linux packages, which can lead to a denial of service. The vulnerabilities can be exploited remotely. Specifically, the dns db findrdataset function in db.c in named in ISC BIND, when configured as a master server, allows remote attackers to cause a denial of service via an ANY record in the prerequisite section of a crafted dynamic update message. This type of attack has been exploited in the wild.

Recommendations For ISC BIND versions prior to 9.4.3-P3, update to version 9.4.3-P3 or later. For ISC BIND versions prior to 9.5.1-P3, update to version 9.5.1-P3 or later. For ISC BIND versions prior to 9.6.1-P1, update to version 9.6.1-P1 or later. For liblwres40, libisccfg40, libisc45, libisccc40, and libdns45, at the moment, there is no information about a newer version that contains a fix for this vulnerability.