Vulnerability Details : CVE-2007-0494
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
Vulnerability category: Denial of service
Products affected by CVE-2007-0494
- cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:b4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:b3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
Threat overview for CVE-2007-0494
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2007-0494: 5,984
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-0494
- EPSS score: 80.02% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-0494
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2007-0494
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0494
- http://secunia.com/advisories/23904 [Patch; Vendor Advisory]
- http://secunia.com/advisories/23944 [Vendor Advisory]
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
- http://www.vupen.com/english/advisories/2007/3229
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
- http://secunia.com/advisories/24203 [Vendor Advisory]
- http://secunia.com/advisories/25715
- http://www.debian.org/security/2007/dsa-1254 | [SECURITY] [DSA 1254-1] New bind9 packages fix denial of service
- http://secunia.com/advisories/25649
- http://marc.info/?l=bind-announce&m=116968519300764&w=2 | 'Internet Systems Consortium Security Advisory.' - MARC
- http://docs.info.apple.com/article.html?artnum=305530
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1
- http://secunia.com/advisories/27706
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc
- http://www.securityfocus.com/bid/22231
- http://secunia.com/advisories/24014 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2007/2245
- https://issues.rpath.com/browse/RPL-989
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:030
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://fedoranews.org/cms/node/2537
- http://secunia.com/advisories/24930 [Vendor Advisory]
- http://secunia.com/advisories/24284
- http://www.ubuntu.com/usn/usn-418-1 | USN-418-1: Bind vulnerabilities
- http://secunia.com/advisories/24129 [Vendor Advisory]
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157 | The Slackware Linux Project: Slackware Security Advisories
- http://secunia.com/advisories/25482
- http://secunia.com/advisories/23924 [Vendor Advisory]
- http://secunia.com/advisories/24048 [Vendor Advisory]
- http://secunia.com/advisories/24054 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2007/2163
- http://www.redhat.com/support/errata/RHSA-2007-0044.html
- http://www.redhat.com/support/errata/RHSA-2007-0057.html
- http://secunia.com/advisories/23974 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2007/1401
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8 [Patch]
- http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144
- http://securitytracker.com/id?1017573
- http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4 [Patch]
- http://www.vupen.com/english/advisories/2007/2315
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11523
- http://secunia.com/advisories/24950 [Vendor Advisory]
- http://secunia.com/advisories/26909
- http://secunia.com/advisories/23943 [Vendor Advisory]
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
- http://secunia.com/advisories/23977 [Vendor Advisory]
- http://www.vupen.com/english/advisories/2007/2002
- http://secunia.com/advisories/23972 [Vendor Advisory]
- http://www.isc.org/index.pl?/sw/bind/bind-security.php
- http://secunia.com/advisories/24083 [Vendor Advisory]
- http://fedoranews.org/cms/node/2507
- http://www.vupen.com/english/advisories/2007/1939
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 | HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)
- http://www.trustix.org/errata/2007/0005
- http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm | ASA-2007-125 (RHSA-2007-0044)
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://security.gentoo.org/glsa/glsa-200702-06.xml | BIND: Denial of service (GLSA 200702-06) — Gentoo security
- http://secunia.com/advisories/25402 [Vendor Advisory]
- http://secunia.com/advisories/24648 [Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31838 | ISC BIND RRset denial of service CVE-2007-0494 Vulnerability Report