CVE-2007-2241 - Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion

CVE-2007-2241

Summary

Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. Successful exploitation requires that "recursion" is enabled.

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*

CVSS

Base:	7.1 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

refmap via4

bid	23738
cert-vn	VU#718460
confirm	http://www.isc.org/index.pl?/sw/bind/bind-security.php
mandriva	MDKSA-2007:100
osvdb	34748
sectrack	1017985
secunia	25070
vupen	ADV-2007-1593
xf	bind-queryaddsoa-dos(33988)

statements via4

contributor	Mark J Cox
lastmodified	2007-05-03
organization	Red Hat
statement	Not vulnerable. These issues did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

30-10-2018 - 16:27

Published

02-05-2007 - 10:19

Last modified

30-10-2018 - 16:27