20 matches found

RedHat Linux
added 2025/11/05 12:1 p.m. | 2 views

bind: Cache poisoning attacks with unsolicited RRs

A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache...

8.6 CVSS | 6 AI score | 0.00005 EPSS
Exploits 1 | References 4

SUSE CVE
added 2025/01/30 4:11 a.m. | 1 views

SUSE CVE-2024-12705

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5 CVSS | 7.5 AI score | 0.05622 EPSS
Exploits 0 | References 6

RedHat Linux
added 2024/08/20 6:16 p.m. | 1 views

bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam

A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...

7.5 CVSS | 5.8 AI score | 0.00282 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2024/05/31 12:0 a.m. | 1 views

The vulnerability of the EDNS Client Subnet (ECS) DNS-server BIND component, which allows an attacker to cause a service failure.

The vulnerability of the EDNS Client Subnet (ECS) component of the BIND DNS server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures through the named parameter...

5.3 CVSS | 6.2 AI score | 0.00105 EPSS
Exploits 0 | References 5 | Affected Software 2

RedHat Linux
added 2024/04/11 5:48 p.m. | 3 views

bind9: Parsing large DNS messages may cause excessive CPU load

A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...

7.5 CVSS | 6.7 AI score | 0.00271 EPSS
Exploits 0 | References 5

RedHat Linux
added 2023/07/17 8:53 a.m. | 2 views

bind: named's configured cache size limit can be significantly exceeded

A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded...

7.5 CVSS | 7.1 AI score | 0.00904 EPSS
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 6:15 a.m. | 1 views

SUSE CVE-2006-2073

Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite...

5 CVSS | 6.7 AI score | 0.05235 EPSS
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 6:1 a.m. | 5 views

SUSE CVE-2009-4022

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...

2.6 CVSS | 7.5 AI score | 0.20044 EPSS
Exploits 1 | References 7

BDU FSTEC
added 2022/04/06 12:0 a.m. | 0 views

The vulnerability of the BIND DNS server component, which allows a perpetrator to cause a service failure

The vulnerability of the BIND DNS server component is related to the lack of use of the assert function. Exploiting this vulnerability allows a remote attacker to cause service failures...

7.8 CVSS | 0.00584 EPSS
Exploits 1 | References 5 | Affected Software 2

Microsoft CVE
added 2021/05/13 7:0 a.m. | 1 views

A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack

...

9.8 CVSS | 7 AI score | 0.27744 EPSS
Exploits 0

RedHat Linux
added 2020/08/18 9:15 a.m. | 3 views

bind: BIND does not sufficiently limit the number of fetches performed when processing referrals

A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector...

8.6 CVSS | 6.7 AI score | 0.1534 EPSS
Exploits 1 | References 6

OSV
added 2018/09/20 7:34 a.m. | 1 views

USN-3769-1 bind9 vulnerability

It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service...

7.5 CVSS | 7.1 AI score | 0.6453 EPSS
Exploits 0 | References 2

RedHat Linux
added 2017/02/15 1:12 p.m. | 3 views

bind: Assertion failure when using DNS64 and RPZ Can Lead to Crash

A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response...

7.5 CVSS | 7.1 AI score | 0.45408 EPSS
Exploits 0 | References 5

CNVD
added 2016/10/21 12:0 a.m. | 1 views

Assertion Error Denial of Service Vulnerability in ISC BIND 9

ISC BIND 9 is a set of DNS domain name resolution service software maintained by the Internet Systems Consortium (ISC) organization. ISC BIND 9 suffers from an Assertion Error Denial of Service vulnerability. A remote attacker can exploit the vulnerability by sending malformed packets to the server...

7.5 CVSS | 6.9 AI score | 0.52249 EPSS
Exploits 0 | References 1

OpenVAS
added 2016/09/28 12:0 a.m. | 23 views

ISC BIND Denial of Service Vulnerability

ISC BIND is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:isc:bind"; if description...

7.8 CVSS | 7.7 AI score | 0.8745 EPSS
Exploits 7 | References 1

RedHat Linux
added 2016/03/31 5:56 p.m. | 3 views

bind: malformed packet sent to rndc can trigger assertion failure

A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash...

6.8 CVSS | 6.8 AI score | 0.68972 EPSS
Exploits 0 | References 5

Check Point Advisories
added 2013/04/30 12:0 a.m. | 5 views

ISC BIND DNS64 RPZ Assertion Failure Denial of Service (CVE-2012-5689)

A denial-of-service vulnerability has been reported in the ISC BIND name server named. The vulnerability is due to faulty interaction with the DNS64 module resulting in the termination of the named process. A remote attacker can exploit this vulnerability by querying an "AAAA" type record for a...

7.1 CVSS | 8.2 AI score | 0.0381 EPSS
Exploits 1

Tenable Nessus
added 2011/12/13 12:0 a.m. | 26 views

SuSE 10 Security Update : bind (ZYPP Patch Number 7851)

This update fixes the issue that specially crafted DNS queries could crash the bind name server (CVE-2011-4313). Additionally, a syntax check warning complaining about every include file that only provides a snippet for the overall configuration has been removed. %NASLMINLEVEL 70300 (C) Tenable Netwo...

5 CVSS | 6.9 AI score | 0.06865 EPSS
Exploits 0 | References 2

ThreatPost
added 2010/01/25 3:35 p.m. | 11 views

BIND Name Server Gets Patched Update

The Internet Systems Consortium (ISC), the company behind the open source DNS software BIND, has released security updates to resolve a DNSSEC-related vulnerability that could lead to Denial-of-Service (DoS) attacks. Read the full article. The H Security...

0.9 AI score
Exploits 0 | References 2

Tenable Nessus
added 2007/08/13 12:0 a.m. | 27 views

Debian DSA-1341-2 : bind9 - design error

This update provides fixed packages for the oldstable distribution (sarge). For reference, the original advisory text: Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc...

4.3 CVSS | 6.6 AI score | 0.2056 EPSS
Exploits 0 | References 2