CVE-2006-4096 — Bind vulnerability

12 documents10 sources

Severity

5.0MEDIUMNVD

EPSS

19.6%

top 4.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedSep 6

Latest updateMay 1

Description

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.3.2-P1-1+3

▶NVDisc/bind11 versions+10

Patches

Patch: www.kb.cert.org ↗Patch: www.niscc.gov.uk ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-qwch-fhfg-fr39: BIND before 9↗2022-05-01

▶

CVEList

CVE-2006-4096: BIND before 9↗2006-09-06

▶

OSV

CVE-2006-4096: BIND before 9↗2006-09-06

▶

📋Vendor Advisories

Ubuntu

bind9 vulnerabilities↗2006-09-08

▶

BSD

FreeBSD-SA-06:20.bind: Denial of Service in named(8)↗2006-09-06

▶

Red Hat

INSIST failure in ISC BIND recursive query↗2006-09-05

▶

Debian

CVE-2006-4096: bind9 - BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause ...↗2006

▶

💬Community

Bugzilla

CVE-2006-4096 INSIST failure in ISC BIND recursive query↗2009-04-07

▶

Bugzilla

CVE-2006-5823 corrupted cramfs crashes in zlib_inflate↗2006-10-20

▶

Bugzilla

CVE-2006-1864 smbfs chroot issue↗2006-04-19

▶