CVE编号
CVE-2007-0494利用情况
暂无补丁情况
官方补丁披露时间
2007-01-26漏洞描述
ISC BIND 9.0.x、9.1.x、9.2.0至9.2.7、9.3.0至9.3.3、9.4.0a1至9.4.0a6、9.4.0b1至9.4.0b4、9.4.0rc1和9.5.0a1(仅限BIND Forum)允许远程攻击者通过包含多个rrset的类型*(ANY)DNS查询响应引起拒绝服务(退出),从而触发断言错误,也就是“DNSSEC验证”漏洞。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc | |
| http://docs.info.apple.com/article.html?artnum=305530 | |
| http://fedoranews.org/cms/node/2507 | |
| http://fedoranews.org/cms/node/2537 | |
| http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc | |
| http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&o... | |
| http://lists.apple.com/archives/security-announce/2007/May/msg00004.html | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | |
| http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html | |
| http://marc.info/?l=bind-announce&m=116968519300764&w=2 | |
| http://secunia.com/advisories/23904 | |
| http://secunia.com/advisories/23924 | |
| http://secunia.com/advisories/23943 | |
| http://secunia.com/advisories/23944 | |
| http://secunia.com/advisories/23972 | |
| http://secunia.com/advisories/23974 | |
| http://secunia.com/advisories/23977 | |
| http://secunia.com/advisories/24014 | |
| http://secunia.com/advisories/24048 | |
| http://secunia.com/advisories/24054 | |
| http://secunia.com/advisories/24083 | |
| http://secunia.com/advisories/24129 | |
| http://secunia.com/advisories/24203 | |
| http://secunia.com/advisories/24284 | |
| http://secunia.com/advisories/24648 | |
| http://secunia.com/advisories/24930 | |
| http://secunia.com/advisories/24950 | |
| http://secunia.com/advisories/25402 | |
| http://secunia.com/advisories/25482 | |
| http://secunia.com/advisories/25649 | |
| http://secunia.com/advisories/25715 | |
| http://secunia.com/advisories/26909 | |
| http://secunia.com/advisories/27706 | |
| http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc | |
| http://security.gentoo.org/glsa/glsa-200702-06.xml | |
| http://securitytracker.com/id?1017573 | |
| http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackw... | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102969-1 | |
| http://support.avaya.com/elmodocs2/security/ASA-2007-125.htm | |
| http://www-1.ibm.com/support/docview.wss?uid=isg1IY95618 | |
| http://www-1.ibm.com/support/docview.wss?uid=isg1IY95619 | |
| http://www-1.ibm.com/support/docview.wss?uid=isg1IY96144 | |
| http://www-1.ibm.com/support/docview.wss?uid=isg1IY96324 | |
| http://www.debian.org/security/2007/dsa-1254 | |
| http://www.isc.org/index.pl?/sw/bind/bind-security.php | |
| http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8 | |
| http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:030 | |
| http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html | |
| http://www.redhat.com/support/errata/RHSA-2007-0044.html | |
| http://www.redhat.com/support/errata/RHSA-2007-0057.html | |
| http://www.securityfocus.com/bid/22231 | |
| http://www.trustix.org/errata/2007/0005 | |
| http://www.ubuntu.com/usn/usn-418-1 | |
| http://www.vupen.com/english/advisories/2007/1401 | |
| http://www.vupen.com/english/advisories/2007/1939 | |
| http://www.vupen.com/english/advisories/2007/2002 | |
| http://www.vupen.com/english/advisories/2007/2163 | |
| http://www.vupen.com/english/advisories/2007/2245 | |
| http://www.vupen.com/english/advisories/2007/2315 | |
| http://www.vupen.com/english/advisories/2007/3229 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31838 | |
| https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n... | |
| https://issues.rpath.com/browse/RPL-989 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... | |
| https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.0.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.1.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.1.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.1.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.1.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2.5 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.2.6 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.3.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.3.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.3.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.4.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | isc | bind | 9.5.0 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_3.1 | bind9 | * |
Up to (excluding) 1:9.2.4-1sarge2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_5 | bind9 | * |
Up to (excluding) 9.3.3-8.el5 |
|||||
- 攻击路径 本地
- 攻击复杂度 困难
- 权限要求 普通权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 -
还没有评论,来说两句吧...