English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57824
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2007:030 (bind)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to bind
announced via advisory MDKSA-2007:030.

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up
to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum
only) allows remote attackers to cause a denial of service (named
daemon crash) via unspecified vectors that cause named to dereference
a freed fetch context. (CVE-2007-0493)

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up
to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum
only) allows remote attackers to cause a denial of service (exit) via a
type * (ANY) DNS query response that contains multiple RRsets, which
triggers an assertion error. (CVE-2007-0494)

The updated packages have been patched to correct these issues.

Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:030

Risk factor : High

CVSS Score:
7.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-0493
1017561
http://securitytracker.com/id?1017561
2007-0005
http://www.trustix.org/errata/2007/0005
20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052018.html
http://www.securityfocus.com/archive/1/458066/100/0/threaded
22229
http://www.securityfocus.com/bid/22229
23904
http://secunia.com/advisories/23904
23924
http://secunia.com/advisories/23924
23943
http://secunia.com/advisories/23943
23972
http://secunia.com/advisories/23972
23974
http://secunia.com/advisories/23974
23977
http://secunia.com/advisories/23977
24014
http://secunia.com/advisories/24014
24048
http://secunia.com/advisories/24048
24054
http://secunia.com/advisories/24054
24129
http://secunia.com/advisories/24129
24203
http://secunia.com/advisories/24203
24930
http://secunia.com/advisories/24930
24950
http://secunia.com/advisories/24950
25402
http://secunia.com/advisories/25402
25649
http://secunia.com/advisories/25649
ADV-2007-0349
http://www.vupen.com/english/advisories/2007/0349
ADV-2007-1401
http://www.vupen.com/english/advisories/2007/1401
ADV-2007-1939
http://www.vupen.com/english/advisories/2007/1939
ADV-2007-2163
http://www.vupen.com/english/advisories/2007/2163
ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2315
APPLE-SA-2007-05-24
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
FEDORA-2007-147
http://fedoranews.org/cms/node/2507
FEDORA-2007-164
http://fedoranews.org/cms/node/2537
FreeBSD-SA-07:02
http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
GLSA-200702-06
http://security.gentoo.org/glsa/glsa-200702-06.xml
HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPSBUX02219
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
MDKSA-2007:030
http://www.mandriva.com/security/advisories?name=MDKSA-2007:030
NetBSD-SA2007-003
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
OpenPKG-SA-2007.007
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
RHSA-2007:0057
http://www.redhat.com/support/errata/RHSA-2007-0057.html
SSA:2007-026-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
SSRT061213
SSRT061239
SSRT061273
SSRT071304
SUSE-SA:2007:014
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
USN-418-1
http://www.ubuntu.com/usn/usn-418-1
[bind-announce] 20070125 Internet Systems Consortium Security Advisory.
http://marc.info/?l=bind-announce&m=116968519321296&w=2
http://docs.info.apple.com/article.html?artnum=305530
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
https://issues.rpath.com/browse/RPL-989
oval:org.mitre.oval:def:9614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9614
Common Vulnerability Exposure (CVE) ID: CVE-2007-0494
AIX APAR: IY95618
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618
AIX APAR: IY95619
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619
AIX APAR: IY96144
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144
AIX APAR: IY96324
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324
BugTraq ID: 22231
http://www.securityfocus.com/bid/22231
Debian Security Information: DSA-1254 (Google Search)
http://www.debian.org/security/2007/dsa-1254
FreeBSD Security Advisory: FreeBSD-SA-07:02
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
HPdes Security Advisory: HPSBTU02207
HPdes Security Advisory: HPSBUX02219
HPdes Security Advisory: SSRT061213
HPdes Security Advisory: SSRT061239
HPdes Security Advisory: SSRT061273
HPdes Security Advisory: SSRT071304
http://marc.info/?l=bind-announce&m=116968519300764&w=2
NETBSD Security Advisory: NetBSD-SA2007-003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523
http://www.redhat.com/support/errata/RHSA-2007-0044.html
http://securitytracker.com/id?1017573
http://secunia.com/advisories/23944
http://secunia.com/advisories/24083
http://secunia.com/advisories/24284
http://secunia.com/advisories/24648
http://secunia.com/advisories/25482
http://secunia.com/advisories/25715
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
SGI Security Advisory: 20070201-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
SuSE Security Announcement: SUSE-SA:2007:014 (Google Search)
http://www.vupen.com/english/advisories/2007/2002
http://www.vupen.com/english/advisories/2007/2245
http://www.vupen.com/english/advisories/2007/3229
XForce ISS Database: bind-rrsets-dos(31838)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31838
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.