Vulnerability Name:

CVE-2007-2241 (CCN-33988)

Assigned: 2007-04-30
Published: 2007-04-30
Updated: 2018-10-30
Summary: Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
Successful exploitation requires that "recursion" is enabled.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2007-2241

Source: OSVDB
Type: UNKNOWN
34748

Source: CCN
Type: SA25070
ISC BIND "query_addsoa" Denial of Service

Source: SECUNIA
Type: Vendor Advisory
25070

Source: CCN
Type: SECTRACK ID: 1017985
BIND query_addsoa() Bug Lets Remote Users Deny Service

Source: CCN
Type: Internet Systems Consortium 2007.04.30
BIND 9: query_addsoa DoS

Source: CONFIRM
Type: UNKNOWN
http://www.isc.org/index.pl?/sw/bind/bind-security.php

Source: CCN
Type: US-CERT VU#718460
ISC BIND denial of service vulnerability

Source: CERT-VN
Type: US Government Resource
VU#718460

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:100

Source: CCN
Type: OpenPKG-SA-2007.014
bind

Source: CCN
Type: OSVDB ID: 34748
ISC BIND query.c query_addsoa Function Unspecified Recursive Query DoS

Source: BID
Type: UNKNOWN
23738

Source: CCN
Type: BID-23738
ISC BIND Query_AddSOA Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017985

Source: VUPEN
Type: UNKNOWN
ADV-2007-1593

Source: XF
Type: UNKNOWN
bind-queryaddsoa-dos(33988)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:isc:bind:9.4.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.5.0:*:*:*:-:*:*:*

Configuration CCN 1:
  • cpe:/a:isc:bind:9.4.0:*:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.5.0:a1:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.5.0:a2:*:*:-:*:*:*
  • OR cpe:/a:isc:bind:9.5.0:a3:*:*:-:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

  • * Denotes that component is vulnerable
    isc bind 9.4.0
    isc bind 9.5.0
    isc bind 9.4.0
    isc bind 9.5.0 a1
    isc bind 9.5.0 a2
    isc bind 9.5.0 a3
    openpkg openpkg current
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2007.1