Overview
A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system.
Description
The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). |
Impact
A remote attacker may be able to cause the name server daemon to exit prematurely, thereby causing a denial of service for DNS operations. |
Solution
Upgrade |
Workarounds
|
Vendor Information
Internet Software Consortium Affected
Notified: April 30, 2007 Updated: May 02, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
ISC has published BIND version 9.4.1 to address this vulnerability. Users who compile their own versions of BIND from the original ISC source code are encouraged to upgrade to this version (or later) of the software.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Affected
Notified: May 02, 2007 Updated: May 15, 2007
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Mandriva has published Mandriva Security Advisory MDKSA-2007:100 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD Affected
Notified: May 02, 2007 Updated: July 03, 2007
Status
Affected
Vendor Statement
No formal NetBSD release included BIND 9.4.0. However 9.4.0 was in CVS
HEAD sources for a little while before being updated to 9.4.1. We have
sent out a short note to anyone who might be running with 9.4.0:
http://mail-index.netbsd.org/current-users/2007/07/01/0010.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Apple Computer, Inc. Not Affected
Notified: May 02, 2007 Updated: May 15, 2007
Status
Not Affected
Vendor Statement
Please list Apple as not vulnerable to VU#718460. We do not currently ship BIND 9.4.0 in our products.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Novell, Inc. Not Affected
Notified: May 02, 2007 Updated: May 09, 2007
Status
Not Affected
Vendor Statement
Our development team has reviewed this information and determined that
there is no impact on NetWare and OES Linux DNS Servers.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Openwall GNU/*/Linux Not Affected
Notified: May 02, 2007 Updated: May 09, 2007
Status
Not Affected
Vendor Statement
Openwall GNU/*/Linux is not affected. We currently use BIND 9.3.4, not
the affected version 9.4.0.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Slackware Linux Inc. Not Affected
Notified: May 02, 2007 Updated: May 03, 2007
Status
Not Affected
Vendor Statement
The newest version of BIND in any Slackware distribution is 9.3.4, so we
are not affected by this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. Not Affected
Notified: May 02, 2007 Updated: May 15, 2007
Status
Not Affected
Vendor Statement
This is to inform you that Sun Solaris is not affected by this issue since we
do not ship any of the BIND releases that are vulnerable.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ubuntu Not Affected
Notified: May 02, 2007 Updated: May 03, 2007
Status
Not Affected
Vendor Statement
Ubuntu is unaffected. None of our releases contain BIND 9.4.0.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
BlueCat Networks, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Check Point Software Technologies Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Cray Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Debian GNU/Linux Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
EMC, Inc. (formerly Data General Corporation) Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Engarde Secure Linux Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
F5 Networks, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fedora Project Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Fujitsu Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
GNU glibc Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Gentoo Linux Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Gnu ADNS Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hewlett-Packard Company Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Hitachi Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM Corporation (zseries) Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
IBM eServer Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Immunix Communications, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Infoblox Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Ingrian Networks, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Juniper Networks, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Lucent Technologies Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Men & Mice Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Metasolv Software, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Microsoft Corporation Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
MontaVista Software, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
NEC Corporation Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nokia Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Nortel Networks, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
OpenBSD Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
QNX, Software Systems, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Red Hat, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
SUSE Linux Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Shadowsupport Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Silicon Graphics, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sony Corporation Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
The SCO Group Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Trustix Secure Linux Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Turbolinux Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Unisys Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Wind River Systems, Inc. Unknown
Notified: May 02, 2007 Updated: May 02, 2007
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Mark Andrews of the Internet Systems Consortium (ISC) for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | CVE-2007-2241 |
| Severity Metric: | 6.90 |
| Date Public: | 2007-05-01 |
| Date First Published: | 2007-05-03 |
| Date Last Updated: | 2007-07-03 14:13 UTC |
| Document Revision: | 13 |