CVE-2007-0494

Name: CVE-2007-0494
Description: ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, web search, more)
References: DSA-1254-1
NVD severity: medium (attack range: remote)
Debian Bugs: 408432
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| bind9 (PTS) | squeeze, squeeze (security) | 1:9.7.3.dfsg-1~squeeze11 | fixed |
| bind9 | squeeze (lts) | 1:9.7.3.dfsg-1~squeeze19 | fixed |
| bind9 | wheezy | 1:9.8.4.dfsg.P1-6+nmu2+deb7u6 | fixed |
| bind9 | wheezy (security) | 1:9.8.4.dfsg.P1-6+nmu2+deb7u9 | fixed |
| bind9 | jessie | 1:9.9.5.dfsg-9+deb8u4 | fixed |
| bind9 | jessie (security) | 1:9.9.5.dfsg-9+deb8u5 | fixed |
| bind9 | stretch, sid | 1:9.9.5.dfsg-12.1 | fixed |

The information below is based on the following data on fixed versions.

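| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| bind | source | (unstable) | (not affected) | | | |
| bind9 | source | (unstable) | 1:9.3.4-2 | medium | | 408432 |
| bind9 | source | sarge | 1:9.2.4-1sarge2 | medium | DSA-1254-1 | |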
