BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Isc
  • Bind
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Desktop version 3
cpe:/o:redhat:enterprise_linux:3 RHBA-2006:0287 2006-07-20T00:00:00Z
Red Hat Enterprise Linux AS version 3
cpe:/o:redhat:enterprise_linux:3 RHBA-2006:0287 2006-07-20T00:00:00Z
Red Hat Enterprise Linux AS version 4
cpe:/o:redhat:enterprise_linux:4 RHBA-2006:0288 2006-08-09T00:00:00Z
Red Hat Enterprise Linux Desktop version 4
cpe:/o:redhat:enterprise_linux:4 RHBA-2006:0288 2006-08-09T00:00:00Z
Red Hat Enterprise Linux ES version 3
cpe:/o:redhat:enterprise_linux:3 RHBA-2006:0287 2006-07-20T00:00:00Z
Red Hat Enterprise Linux ES version 4
cpe:/o:redhat:enterprise_linux:4 RHBA-2006:0288 2006-08-09T00:00:00Z
Red Hat Enterprise Linux WS version 3
cpe:/o:redhat:enterprise_linux:3 RHBA-2006:0287 2006-07-20T00:00:00Z
Red Hat Enterprise Linux WS version 4
cpe:/o:redhat:enterprise_linux:4 RHBA-2006:0288 2006-08-09T00:00:00Z
References
Link Providers
http://docs.info.apple.com/article.html?artnum=305530 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=141879471518471&w=2 cve-icon cve-icon
http://secunia.com/advisories/21752 cve-icon cve-icon
http://secunia.com/advisories/21786 cve-icon cve-icon
http://secunia.com/advisories/21790 cve-icon cve-icon
http://secunia.com/advisories/21816 cve-icon cve-icon
http://secunia.com/advisories/21818 cve-icon cve-icon
http://secunia.com/advisories/21828 cve-icon cve-icon
http://secunia.com/advisories/21835 cve-icon cve-icon
http://secunia.com/advisories/21838 cve-icon cve-icon
http://secunia.com/advisories/21912 cve-icon cve-icon
http://secunia.com/advisories/21926 cve-icon cve-icon
http://secunia.com/advisories/22298 cve-icon cve-icon
http://secunia.com/advisories/24950 cve-icon cve-icon
http://secunia.com/advisories/25402 cve-icon cve-icon
http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200609-11.xml cve-icon cve-icon
http://securitytracker.com/id?1016794 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241 cve-icon cve-icon
http://www-1.ibm.com/support/docview.wss?uid=isg1IY89169 cve-icon cve-icon
http://www-1.ibm.com/support/docview.wss?uid=isg1IY89178 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/697164 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:163 cve-icon cve-icon
http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_23_sr.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_24_sr.html cve-icon cve-icon
http://www.openbsd.org/errata.html cve-icon cve-icon
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/445600/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/19859 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-343-1 cve-icon cve-icon
http://www.us.debian.org/security/2006/dsa-1172 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3473 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3511 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/1401 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/1939 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/28744 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-626 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-4096 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9623 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-4096 cve-icon
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-06T00:00:00

Updated: 2024-08-07T18:57:45.594Z

Reserved: 2006-08-14T00:00:00

Link: CVE-2006-4096

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-09-06T00:04:00.000

Modified: 2024-11-21T00:15:09.387

Link: CVE-2006-4096

cve-icon Redhat

Severity : Important

Publid Date: 2006-09-05T00:00:00Z

Links: CVE-2006-4096 - Bugzilla