>> ISC BIND Unspecified Denial of Service and ANY Response Handling Vulnerabilities
Title : ISC BIND Unspecified Denial of Service and ANY Response Handling Vulnerabilities VUPEN ID : VUPEN/ADV-2007-0349 CVE ID : CVE-2007-0493 - CVE-2007-0494
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-01-25
Technical Description
Two vulnerabilities have been identified in ISC BIND, which could be exploited by remote attackers to cause a denial of service.
The first issue is due to an unspecified error within the named daemon that dereferences a freed fetch context, which could be exploited by attackers to cause a vulnerable server to exit unexpectedly, creating a denial of service condition.
The second issue is due to an error when validating responses to type "*" (ANY) queries that return multiple RRsets in the answer, which could be exploited by attackers to cause a denial of service.
