CVE

CVE-2007-0493

Date: (C)2007-01-25   (M)2023-12-22

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

Reference:

SECTRACK-1017561

2007-0005

http://www.securityfocus.com/archive/1/458066/100/0/threaded

BID-22229

SECUNIA-23904

SECUNIA-23924

SECUNIA-23943

SECUNIA-23972

SECUNIA-23974

SECUNIA-23977

SECUNIA-24014

SECUNIA-24048

SECUNIA-24054

SECUNIA-24129

SECUNIA-24203

SECUNIA-24930

SECUNIA-24950

SECUNIA-25402

SECUNIA-25649

ADV-2007-0349

ADV-2007-1401

ADV-2007-1939

ADV-2007-2163

ADV-2007-2315

APPLE-SA-2007-05-24

FEDORA-2007-147

FEDORA-2007-164

FreeBSD-SA-07:02

GLSA-200702-06

MDKSA-2007:030

NetBSD-SA2007-003

OpenPKG-SA-2007.007

RHSA-2007:0057

SSA:2007-026-01

SSRT061273

SSRT071304

SUSE-SA:2007:014

USN-418-1

http://marc.info/?l=bind-announce&m=116968519321296&w=2

http://docs.info.apple.com/article.html?artnum=305530

http://www.isc.org/index.pl?/sw/bind/bind-security.php

http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8

http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

https://issues.rpath.com/browse/RPL-989

oval:org.mitre.oval:def:9614