CVE-2006-4095
moderate-risk
Published 2006-09-06
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
Do I need to act?
4.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 (High)
Attack vector: NETWORK / LOW complexity
Affected Products (6)
References (70)
Broken Link: http://secunia.com/advisories/21752
Broken Link: http://secunia.com/advisories/21786
Broken Link: http://secunia.com/advisories/21816
Broken Link: http://secunia.com/advisories/21818
Broken Link: http://secunia.com/advisories/21828
Broken Link: http://secunia.com/advisories/21835
Broken Link: http://secunia.com/advisories/21838
Broken Link: http://secunia.com/advisories/21912
Broken Link: http://secunia.com/advisories/21926
Broken Link: http://secunia.com/advisories/22298
Broken Link: http://secunia.com/advisories/24950
Broken Link: http://secunia.com/advisories/25402
Third Party Advisory: http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc
Third Party Advisory: http://security.gentoo.org/glsa/glsa-200609-11.xml
Broken Link: http://securitytracker.com/id?1016794
and 50 more references
47 / 100 (moderate-risk)
Severity: 26/34 · High
Exploitability: 8/34 · Low
Exposure: 13/34 · Low