Main Vulnerability Database Exploits ID:9046 - Exploit for Assertion failure in ISC BIND - CVE-2009-0696

ID:9046 - Exploit for Assertion failure in ISC BIND - CVE-2009-0696

Published: May 7, 2023

Vulnerability identifier: #VU6168

Vulnerability risk: High

CVE-ID: CVE-2009-0696

CWE-ID: CWE-617

Exploitation vector: Remote access

Vulnerable software:
ISC BIND

Link to public exploit:

https://github.com/magikh0e/CVEs

Vulnerability description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to assertion failure in dns_db_findrdataset() function within db.c when named is configured as a master server. A remote unauthenticated attacker can send an ANY record in the prerequisite section of a crafted dynamic update message and trigger assertion failure and daemon exit.

Successful exploitation of this vulnerability may allow an attacker to perform denial of service (DoS) attack.

Note: this vulnerability is being actively exploited.

Remediation

Update to version 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1.

ID:9046 - Exploit for Assertion failure in ISC BIND - CVE-2009-0696

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human