CVE-2009-0696

Publication date 29 July 2009

Last updated 24 July 2024

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bind9	9.04 jaunty	Fixed 1:9.5.1.dfsg.P2-1ubuntu0.1
	8.10 intrepid	Fixed 1:9.5.0.dfsg.P2-1ubuntu3.2
	8.04 LTS hardy	Fixed 1:9.4.2.dfsg.P2-2ubuntu0.2
	6.06 LTS dapper	Fixed 1:9.3.2-2ubuntu1.7

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-808-1
Bind vulnerability
29 July 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0696