SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
BIND Query Processing Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1016794
SecurityTracker URL:  http://securitytracker.com/id/1016794
CVE Reference:   CVE-2006-4095, CVE-2006-4096   (Links to External Site)
Date:  Sep 5 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.3.2 and prior versions
Description:   A vulnerability was reported in BIND. A remote user can cause denial of service conditions.

A remote user (DNS server) can send specially crafted RRset responses in return to a recursive SIG query to cause the requesting named service to crash [CVE-2006-4095].

A remote user can also send specially crafted queries to trigger an INSIST failure and cause the requesting service(s) to crash [CVE-2006-4096].

Impact:   A remote user can cause the target named service to crash.
Solution:   The vendor has issued fixed versions (9.3.2-P1, 9.2.7, and 9.2.6-P1), available at:

http://www.isc.org/sw/bind/

Vendor URL:  www.isc.org/sw/bind/ (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 7 2006 (IBM Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service
IBM has issued a fix for AIX 5.2 and 5.3.
Sep 7 2006 (FreeBSD Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has released a fix.
Sep 8 2006 (OpenBSD Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service
OpenBSD has issued patches for OpenBSD UNIX 3.8 and 3.9.
Sep 22 2006 (NetBSD Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service   (NetBSD Security-Officer <security-officer@NetBSD.org>)
NetBSD has released a fix.
May 24 2007 (Apple Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has released a fix for Mac OS X.
May 24 2007 (Apple Issues Fix) BIND Query Processing Bugs Let Remote Users Deny Service   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has released a fix for Mac OS X. [This is a duplicate entry]
Dec 17 2014 (HP Issues Fix for TCP/IP Services for OpenVMS) BIND Query Processing Bugs Let Remote Users Deny Service
HP has issued a fix for TCP/IP Services for OpenVMS.



 Source Message Contents

Date:  Tue, 5 Sep 2006 16:55:03 -0400
Subject:  BIND vulnerabilities


CVE-2006-4095
CVE-2006-4096
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC