Vulnerability Details: CVE-2006-4096
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
Vulnerability category: Denial of service
Products affected by CVE-2006-4096
- cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
Threat overview for CVE-2006-4096
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2006-4096: 5,777
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2006-4096
EPSS score: 20.49% (probability of exploitation activity in the next 30 days)
Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-4096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2006-4096
- Red Hat 2006-09-08: Not Vulnerable. This issue was found and fixed as part of Red Hat Enterprise Linux 4 update 4: http://rhn.redhat.com/errata/RHBA-2006-0288.html and Red Hat Enterprise Linux 3 update 8: http://rhn.redhat.com/errata/RHBA-2006-0287.html. This issue does not affect Red Hat Enterprise Linux 2.1.
References for CVE-2006-4096
- http://www.novell.com/linux/security/advisories/2006_24_sr.html
  Security - Support | SUSE
- http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc
- http://www.vupen.com/english/advisories/2006/3473
- http://www.securityfocus.com/bid/19859
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY89169
- http://docs.info.apple.com/article.html?artnum=305530
- http://www.securityfocus.com/archive/1/445600/100/0/threaded
- http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
  [Patch]
- http://www.ubuntu.com/usn/usn-343-1
  USN-343-1: bind9 vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28744
  ISC BIND recursive INSIST denial of service CVE-2006-4096 Vulnerability Report
- http://www.vupen.com/english/advisories/2006/3511
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://www.kb.cert.org/vuls/id/697164
  VU#697164 - BIND vulnerable to an INSIST failure via sending of multiple recursive queries [Patch; US Government Resource]
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
  Security - Support | SUSE
- http://www.us.debian.org/security/2006/dsa-1172
- https://issues.rpath.com/browse/RPL-626
- http://security.gentoo.org/glsa/glsa-200609-11.xml
  BIND: Denial of service (GLSA 200609-11) — Gentoo security
- http://www.vupen.com/english/advisories/2007/1401
- http://www.openbsd.org/errata.html
  OpenBSD: Errata and Patches
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:163
  Advisories - Mandriva Linux
- http://marc.info/?l=bugtraq&m=141879471518471&w=2
  '[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Re' - MARC
- http://securitytracker.com/id?1016794
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241
  The Slackware Linux Project: Slackware Security Advisories
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9623
- http://www.vupen.com/english/advisories/2007/1939
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY89178