Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2015-02835

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 01 янв. 2015
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: fstec
CVSS2: 4.3
EPSS Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

ОписаниС

ΠœΠ½ΠΎΠΆΠ΅ΡΡ‚Π²Π΅Π½Π½Ρ‹Π΅ уязвимости ΠΏΠ°ΠΊΠ΅Ρ‚Π° libisccfg40 ΠΎΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ систСмы DebianΒ GNU/Linux, эксплуатация ΠΊΠΎΡ‚ΠΎΡ€Ρ‹Ρ… ΠΌΠΎΠΆΠ΅Ρ‚ привСсти ΠΊ Π½Π°Ρ€ΡƒΡˆΠ΅Π½ΠΈΡŽ доступности Π·Π°Ρ‰ΠΈΡ‰Π°Π΅ΠΌΠΎΠΉ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ. Эксплуатация уязвимостСй ΠΌΠΎΠΆΠ΅Ρ‚ Π±Ρ‹Ρ‚ΡŒ осущСствлСна ΡƒΠ΄Π°Π»Π΅Π½Π½ΠΎ

Π’Π΅Π½Π΄ΠΎΡ€

БообщСство свободного ΠΏΡ€ΠΎΠ³Ρ€Π°ΠΌΠΌΠ½ΠΎΠ³ΠΎ обСспСчСния

НаимСнованиС ПО

Debian GNU/Linux

ВСрсия ПО

Π΄ΠΎ 4 (Debian GNU/Linux)

Вип ПО

ΠžΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½Π°Ρ систСма

ΠžΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½Ρ‹Π΅ систСмы ΠΈ Π°ΠΏΠΏΠ°Ρ€Π°Ρ‚Π½Ρ‹Π΅ ΠΏΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΡ‹

-

Π£Ρ€ΠΎΠ²Π΅Π½ΡŒ опасности уязвимости

Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ ΡƒΡ€ΠΎΠ²Π΅Π½ΡŒ опасности (базовая ΠΎΡ†Π΅Π½ΠΊΠ° CVSS 2.0 составляСт 4,3)

Π’ΠΎΠ·ΠΌΠΎΠΆΠ½Ρ‹Π΅ ΠΌΠ΅Ρ€Ρ‹ ΠΏΠΎ ΡƒΡΡ‚Ρ€Π°Π½Π΅Π½ΠΈΡŽ уязвимости

ΠŸΡ€ΠΎΠ±Π»Π΅ΠΌΠ° ΠΌΠΎΠΆΠ΅Ρ‚ Π±Ρ‹Ρ‚ΡŒ Ρ€Π΅ΡˆΠ΅Π½Π° ΠΎΠ±Π½ΠΎΠ²Π»Π΅Π½ΠΈΠ΅ΠΌ ΠΎΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ систСмы Π΄ΠΎ ΡΠ»Π΅Π΄ΡƒΡŽΡ‰ΠΈΡ… вСрсий ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ² Π² зависимости ΠΎΡ‚ Π°Ρ€Ρ…ΠΈΡ‚Π΅ΠΊΡ‚ΡƒΡ€Ρ‹:
Debian GNU/Linux 4:
ppc:
libbind-dev - 9.3.4-2etch5
dnsutils - 9.3.4-2etch5
libdns22 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
libisccc0 - 9.3.4-2etch5
libisc11 - 9.3.4-2etch5
i686:
libisc11 - 9.3.4-2etch5
libbind-dev - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
libisccc0 - 9.3.4-2etch5
dnsutils - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
libdns22 - 9.3.4-2etch5
sparc:
libdns22 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
libisc11 - 9.3.4-2etch5
libisccc0 - 9.3.4-2etch5
dnsutils - 9.3.4-2etch5
libbind-dev - 9.3.4-2etch5
x86-64:
libisccc0 - 9.3.4-2etch5
libdns22 - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
libisc11 - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
libbind-dev - 9.3.4-2etch5
dnsutils - 9.3.4-2etch5
ia64:
dnsutils - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
libbind-dev - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
libisc11 - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
libisccc0 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
libdns22 - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
mips:
dnsutils - 9.3.4-2etch5
libbind-dev - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
libisc11 - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
libisccc0 - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
libdns22 - 9.3.4-2etch5
noarch:
bind9-doc - 9.3.4-2etch5
mipsel:
libbind-dev - 9.3.4-2etch5
libdns22 - 9.3.4-2etch5
dnsutils - 9.3.4-2etch5
libisc11 - 9.3.4-2etch5
libisccc0 - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
hppa:
libbind-dev - 9.3.4-2etch5
dnsutils - 9.3.4-2etch5
libisccfg1 - 9.3.4-2etch5
lwresd - 9.3.4-2etch5
liblwres9 - 9.3.4-2etch5
bind9 - 9.3.4-2etch5
libbind9-0 - 9.3.4-2etch5
bind9-host - 9.3.4-2etch5
libisc11 - 9.3.4-2etch5
libisccc0 - 9.3.4-2etch5
libdns22 - 9.3.4-2etch5
Debian GNU/Linux 5:
ppc:
bind9 - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
s390x:
libbind-dev - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
i686:
libbind-dev - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
sparc:
bind9-host - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
x86-64:
lwresd - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
armel:
libisc45 - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3-1
alpha:
libisc45 - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3-1
ia64:
liblwres40 - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
mips:
libisccfg40 - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
noarch:
bind9-doc - 9.5.1.dfsg.P3-1
mipsel:
libbind-dev - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
liblwres40 - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
hppa:
liblwres40 - 9.5.1.dfsg.P3-1
bind9 - 9.5.1.dfsg.P3-1
libbind9-40 - 9.5.1.dfsg.P3-1
lwresd - 9.5.1.dfsg.P3-1
libisc45 - 9.5.1.dfsg.P3-1
libdns45 - 9.5.1.dfsg.P3-1
bind9-host - 9.5.1.dfsg.P3-1
libisccc40 - 9.5.1.dfsg.P3-1
libisccfg40 - 9.5.1.dfsg.P3-1
dnsutils - 9.5.1.dfsg.P3-1
bind9utils - 9.5.1.dfsg.P3-1
libbind-dev - 9.5.1.dfsg.P3

Бтатус уязвимости

ΠŸΠΎΠ΄Ρ‚Π²Π΅Ρ€ΠΆΠ΄Π΅Π½Π° ΠΏΡ€ΠΎΠΈΠ·Π²ΠΎΠ΄ΠΈΡ‚Π΅Π»Π΅ΠΌ

НаличиС эксплойта

Π”Π°Π½Π½Ρ‹Π΅ ΡƒΡ‚ΠΎΡ‡Π½ΡΡŽΡ‚ΡΡ

Π˜Π½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΡ ΠΎΠ± устранСнии

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ устранСна

Бсылки Π½Π° источники

Π˜Π΄Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ‚ΠΎΡ€Ρ‹ Π΄Ρ€ΡƒΠ³ΠΈΡ… систСм описаний уязвимостСй

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 97%
0.35784
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

4.3 Medium

CVSS2

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2009-0696

ubuntu
ΠΏΠΎΡ‡Ρ‚ΠΈ 16 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2009-0696

redhat
ΠΏΠΎΡ‡Ρ‚ΠΈ 16 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2009-0696

nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 16 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2009-0696

debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 16 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 befo ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-54q7-wf84-v94r

github
ΠΎΠΊΠΎΠ»ΠΎ 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 97%
0.35784
Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ

4.3 Medium

CVSS2

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ BDU:2015-02835