Ubuntu USN-808-1 (bind9) Network Vulnerability

Summary

The remote host is missing an update to bind9 announced via advisory USN-808-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: bind9 1:9.3.2-2ubuntu1.7 Ubuntu 8.04 LTS: bind9 1:9.4.2.dfsg.P2-2ubuntu0.2 Ubuntu 8.10: bind9 1:9.5.0.dfsg.P2-1ubuntu3.2 Ubuntu 9.04: bind9 1:9.5.1.dfsg.P2-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-808-1

Insight

Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service.

Severity

Classification

CVE CVE-2009-0696
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for curl USN-2474-1
Ubuntu Update for apache2 USN-1903-1
Ubuntu Update for apr-util vulnerability USN-1022-1
Ubuntu Update for apache2 USN-1259-1
Ubuntu Update for dnsmasq vulnerability USN-627-1

Take action and discover your vulnerabilities