// For flags

CVE-2007-0493

bind use-after-free

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

Vulnerabilidad "usar después de liberar" en ISC BIND 9.3.0 hasta 9.3.3, 9.4.0a1 hasta 9.4.0a6, 9.4.0b1 hasta 9.4.0b4, 9.4.0rc1, y 9.5.0a1 (Bind Forum only) permite a atacantes remotos provocar una denegación de servicio (caída de demonio nombrado) mediante vectores no especificados que causan un nombrado a "referencia a un contexto recuperado liberado".

Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). Revision 1 of this advisory.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-01-25 CVE Reserved
  • 2007-01-25 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
References (49)
URL Tag Source
http://docs.info.apple.com/article.html?artnum=305530 X_refsource_confirm
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052018.html Mailing List
http://marc.info/?l=bind-announce&m=116968519321296&w=2 Mailing List
http://secunia.com/advisories/23924 Third Party Advisory
http://secunia.com/advisories/23943 Third Party Advisory
http://secunia.com/advisories/23972 Third Party Advisory
http://secunia.com/advisories/23974 Third Party Advisory
http://secunia.com/advisories/23977 Third Party Advisory
http://secunia.com/advisories/24014 Third Party Advisory
http://secunia.com/advisories/24048 Third Party Advisory
http://secunia.com/advisories/24054 Third Party Advisory
http://secunia.com/advisories/24129 Third Party Advisory
http://secunia.com/advisories/24203 Third Party Advisory
http://secunia.com/advisories/24930 Third Party Advisory
http://secunia.com/advisories/24950 Third Party Advisory
http://secunia.com/advisories/25402 Third Party Advisory
http://secunia.com/advisories/25649 Third Party Advisory
http://securitytracker.com/id?1017561 Vdb Entry
http://www.isc.org/index.pl?/sw/bind/bind-security.php X_refsource_confirm
http://www.securityfocus.com/archive/1/458066/100/0/threaded Mailing List
http://www.securityfocus.com/bid/22229 Vdb Entry
http://www.vupen.com/english/advisories/2007/0349 Vdb Entry
http://www.vupen.com/english/advisories/2007/1401 Vdb Entry
http://www.vupen.com/english/advisories/2007/1939 Vdb Entry
http://www.vupen.com/english/advisories/2007/2163 Vdb Entry
http://www.vupen.com/english/advisories/2007/2315 Vdb Entry
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488 X_refsource_confirm
https://issues.rpath.com/browse/RPL-989 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9614 Signature
URL Date SRC
URL Date SRC
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8 2023-02-13
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4 2023-02-13
URL Date SRC
http://fedoranews.org/cms/node/2507 2023-02-13
http://fedoranews.org/cms/node/2537 2023-02-13
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc 2023-02-13
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 2023-02-13
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html 2023-02-13
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html 2023-02-13
http://secunia.com/advisories/23904 2023-02-13
http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc 2023-02-13
http://security.gentoo.org/glsa/glsa-200702-06.xml 2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2007:030 2023-02-13
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0057.html 2023-02-13
http://www.trustix.org/errata/2007/0005 2023-02-13
http://www.ubuntu.com/usn/usn-418-1 2023-02-13
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144 2023-02-13
https://access.redhat.com/security/cve/CVE-2007-0493 2007-03-14
https://bugzilla.redhat.com/show_bug.cgi?id=230003 2007-03-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.0
Search vendor "Isc" for product "Bind" and version "9.3.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.1
Search vendor "Isc" for product "Bind" and version "9.3.1"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.3.2
Search vendor "Isc" for product "Bind" and version "9.3.2"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.4.0
Search vendor "Isc" for product "Bind" and version "9.4.0"
-
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.4.0
Search vendor "Isc" for product "Bind" and version "9.4.0"
rc1
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 9.5.0
Search vendor "Isc" for product "Bind" and version "9.5.0"
-
Affected