search menu icon-carat-right cmu-wordmark

CERT Coordination Center


ISC BIND 9 vulnerable to denial of service via dynamic update request

Vulnerability Note VU#725188

Original Release Date: 2009-07-28 | Last Revised: 2009-08-27

Overview

ISC BIND 9 contains a vulnerability that may allow a remote, unauthenticated attacker to create a denial-of-service condition.

Description

The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). It includes support for dynamic DNS updates as specified in IETF RFC 2136. BIND 9 can crash when processing a specially-crafted dynamic update packet.

ISC notes that this vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates. ISC also indicates that the attack packet has to be constructed for a zone for which the target system is configured as a master; launching the attack against slave zones does not trigger the vulnerability.

Impact

By sending a specially-crafted dynamic update packet to a BIND 9 server, a remote, unauthenticated attacker can cause a denial of service by causing BIND to crash.

Solution

Apply an update
Users who obtain BIND from a third-party vendor, such as their operating system vendor, should see the systems affected portion of this document for a partial list of affected vendors.

This vulnerability is addressed in ISC BIND versions 9.4.3-P3, 9.5.1-P3, and BIND 9.6.1-P1. Users of BIND from the original source distribution should upgrade to one of these versions, as appropriate.

See also https://www.isc.org/node/474.

Vendor Information

725188
Expand all

Apple Inc.

Notified:  July 28, 2009 Updated:  August 17, 2009

Statement Date:   August 13, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Apple has published Security Update 2009-004 in response to this issue. Users are encouraged to review this bulletin and apply the patches that it refers to.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

BlueCat Networks, Inc.

Notified:  July 28, 2009 Updated:  July 30, 2009

Statement Date:   July 29, 2009

Status

  Vulnerable

Vendor Statement

BlueCat Networks has incorporated the ISC patches related to the Dynamic Update
DDoS vulnerability (CVE-2009-0696, VU#725188) into the following versions of
the Adonis DNS/DHCP appliances:



Adonis v5.0.4  
Adonis v5.1.X  
Adonis v5.5.X  
Adonis v6.0.9



NB: Patches can be applied to any Minor version of Adonis which fall within the
versions listed above.

BlueCat is currently investigating making the patch available for older product
versions.  More information about the availability of updates can be found at
http://www.bluecatnetworks.com/clientsupport/vulnerability_information

The patches can be obtained from BlueCat Networks Support, who can be contacted
at
http://www.bluecatnetworks.com/clientsupport

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Debian GNU/Linux

Notified:  July 28, 2009 Updated:  August 03, 2009

Statement Date:   July 29, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The Debian Security Team has published Debian Security Advisory DSA-1847 in response to this issue. Users are encouraged to review this advisory and apply the patches it describes.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks, Inc.

Notified:  July 28, 2009 Updated:  July 31, 2009

Statement Date:   July 31, 2009

Status

  Vulnerable

Vendor Statement

F5 confirms that this is a remote vulnerability affecting the following products:

BIG-IP GTM 9.3.1, 9.4.5, 9.4.6, 9.4.7, 10.0.1

The following products are not vulnerable:

* WebAccelerator is not vulnerable (all versions)
* ARX is not vulnerable (all versions)
* Link Controller (all versions)
* WanJet is not vulnerable (all versions)
* Firepass is not vulnerable (all versions)
* SAM is not vulnerable (all versions)
* ASM is not vulnerable (all versions)

The following products ship with vulnerable versions of BIND.  However, BIND is disabled and these products are therefore not vulnerable.

Enterprise Manager 1.6, 1.7, 1.8
BIG-IP LTM 9.3.1, 9.4.5, 9.4.6, 9.4.7, 9.6.1, 10.0.1

Patches are being readied now -- please use your normal support channel to get them.

More information is available at
https://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD, Inc.

Notified:  July 28, 2009 Updated:  July 30, 2009

Statement Date:   July 29, 2009

Status

  Vulnerable

Vendor Statement

All supported versions of FreeBSD are vulnerable to this issue.

The FreeBSD Security Team has released the FreeBSD Security Advisory
FreeBSD-SA-09:12.bind in response to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company

Notified:  July 28, 2009 Updated:  August 26, 2009

Statement Date:   August 07, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Hewlett-Packard has released the following security bulletins in response to this vulnerability:

      • HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
      • HPSBOV02452 SSRT090161 rev.1 - HP TCP/IP Services for OpenVMS BIND Server Remote Denial of Service (DoS)
      • HPSBTU02453 SSRT091037 rev.2 - HP Tru64 UNIX or HP Tru64 Internet Express Running BIND Server, Denial of Service (DoS)

These documents are available to registered users at the

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Infoblox

Notified:  July 28, 2009 Updated:  July 30, 2009

Statement Date:   July 29, 2009

Status

  Vulnerable

Vendor Statement

Infoblox has incorporated the ISC patches to our version of BIND related to CERT VU#725188 (CVE-2009-0696) denial of service vulnerability.
The following Infoblox NIOS releases include the patch as of 7/28/2009:
"       4.2r5-5
"       4.3r2-9
"       4.3r4-4
"       4.3r5-1

These patches are available on the Infoblox Support Site at http://www.infoblox.com/support/.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Note that the vendor's announcement regarding this vulnerability on the support page listed above has been updated as of 2009-07-29.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Internet Systems Consortium

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

This issue is addressed in BIND versions 9.4.3-P3, 9.5.1-P3, and BIND 9.6.1-P1. Users are encouraged to upgrade to the appropriate version.

See also https://www.isc.org/node/474.

Vendor References

https://www.isc.org/node/474 http://oldwww.isc.org/sw/bind/view?release=9.4.3-P3&noframes=1 http://oldwww.isc.org/sw/bind/view?release=9.5.1-P3&noframes=1 http://oldwww.isc.org/sw/bind/view?release=9.6.1-P1&noframes=1

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nixu

Notified:  July 28, 2009 Updated:  July 30, 2009

Statement Date:   July 29, 2009

Status

  Vulnerable

Vendor Statement

==========================
NIXU ADVISORY ON VU#725188
==========================

=====================
Nixu NameSurfer Suite
=====================
All Nixu NameSurfer versions ship with a proprietary primary DNS server is
not affected by VU#725188. Therefore, when Nixu NameSurfer is run as the
primary DNS server, no action is required to protect the master DNS server
against this threat.

Nixu NameSurfer Suite 6.5.2 ships with an optional companion BIND 9.6.1
server that can be installed on the same server running Nixu NameSurfer
Suite. If the companion BIND 9.6.1 server has been activated at install and
is used to run localhost (127.0.0.1) as a master zone, Nixu recommends
either of the following approaches:

1) the master zone on localhost BIND is disabled
2) the localhost BIND is patched to version 9.6.1-P1

Please note that a failure in the localhost BIND due to the vulnerability
outlined in VU#725188 does not pose any threat to authoritative DNS zones
for which Nixu NameSurfer Suite is the master, i.e. Nixu NameSurfer primary
DNS server will continue to serve the (remote) secondary DNS servers even if
the optional local BIND server failed.

=============================
Nixu Secure Name Server (SNS)
=============================
Nixu SNS secondary server instances hosting slave copies of master zones
managed in Nixu NameSurfer primary are not affected by VU#725188.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD

Notified:  July 28, 2009 Updated:  July 30, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Patches for this issue were committed to the HEAD of the OpenBSD CVS respository on 2009-07-29. Users running -current from before that date should update their systems.

Patches for -release versions were published on 2009-07-29 as well. These patches can be found at:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/014_bind.patch for OpenBSD-4.4
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/007_bind.patch for OpenBSD-4.5
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/001_bind.patch for OpenBSD-4.6 (note that OpenBSD 4.6 has not been formally released as of this writing)

Patches for this issue were committed to the OPENBSD_4_4, OPENBSD_4_5, and OPENBSD_4_6 CVS branches on 2009-07-30. Users running -stable systems from before this date should update their systems.

Older versions of the operating system are not officially supported.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc.

Notified:  July 28, 2009 Updated:  July 30, 2009

Statement Date:   July 29, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Red Hat, Inc. has published Red Hat Security Advisory RHSA-2009:1179 in response to this issue. Users are encouraged to review this advisory and apply the patches it describes.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux

Notified:  July 28, 2009 Updated:  July 31, 2009

Statement Date:   July 31, 2009

Status

  Vulnerable

Vendor Statement

The SUSE Linux products are vulnerable to the published BIND remote denial
of service attack.  We have released updated packages to fix this issue.

Reference:
http://www.novell.com/linux/security/advisories/2009_40_bind.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems, Inc.

Notified:  July 28, 2009 Updated:  July 30, 2009

Statement Date:   July 30, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Sun Microsystems has published SunSolve Document ID 264828 in response to this issue. This document indicates that "A final resolution is pending completion". In the meantime, users may wish to consider applying the appropriate Interim Security Relief (ISR) packages for Solaris 10 described in the document.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ubuntu

Notified:  July 28, 2009 Updated:  July 29, 2009

Statement Date:   July 29, 2009

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The Ubuntu Security Team has published Ubuntu Security Notice USN-808-1 in response to this issue. Users are encouraged to review this notice and apply the updates it describes.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nominum

Notified:  July 28, 2009 Updated:  July 30, 2009

Statement Date:   July 29, 2009

Status

  Not Vulnerable

Vendor Statement

We have confirmed that no version of Nominum's servers is vulnerable to this.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Alcatel-Lucent

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Check Point Software Technologies

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Conectiva Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

DragonFly BSD Project

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

EMC Corporation

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde Secure Linux

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ericsson

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fedora Project

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

GNU glibc

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gentoo Linux

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Gnu ADNS

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM eServer

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva S. A.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

McAfee

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Men & Mice

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Metasolv Software, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Microsoft Corporation

Notified:  August 03, 2009 Updated:  August 03, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NetBSD

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nortel Networks, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

QNX, Software Systems, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SafeNet

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Shadowsupport

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Silicon Graphics, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Slackware Linux Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

The SCO Group

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Turbolinux

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc.

Notified:  July 28, 2009 Updated:  July 28, 2009

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to ISC for reporting this vulnerability.

This document was written by Will Dormann and Chad Dougherty.

Other Information

CVE IDs: CVE-2009-0696
Severity Metric: 26.33
Date Public: 2009-07-28
Date First Published: 2009-07-28
Date Last Updated: 2009-08-27 14:10 UTC
Document Revision: 32

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.