274 matches found
Input validation
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service daemon crash via a DNS query...
CVE-2010-3762
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service daemon crash via a DNS query...
Debian DSA-2054-1 : bind9 - DNS cache poisoning
Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems : -...
[SECURITY] [DSA 2054-1] New bind9 packages fix cache poisoning
------------------------------------------------------------------------ Debian Security Advisory DSA-2054-1 [email protected] http://www.debian.org/security/ Florian Weimer June 04, 2010 http://www.debian.org/security/faq -...
CVE-2010-0097
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC 1 NSEC and 2 NSEC3 records, which allows remote attackers to add the Authenticated Data AD flag to a forged NXDOMAIN response for an existing domain...
CVE-2010-0290
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query a...
CVE-2010-0290
CVE-2010-0290 is described in connected F5 advisories as an ISC BIND cache-poisoning vulnerability affecting BIND 9.0.x–9.3.x, 9.4 up to 9.4.3-P5, 9.5 up to 9.5.2-P2, 9.6 up to 9.6.1-P3, and 9.7.0 beta, when DNSSEC validation is enabled and CD checking is disabled. The attack involves receiving a...
Ubuntu Update for bind9 vulnerabilities USN-888-1
Ubuntu Update for Linux kernel vulnerabilities USN-888-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8881.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for bind9 vulnerabilities USN-888-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
bind security update
30:9.3.6-4.P1.2 - NSEC validation code could cause wrong NXDOMAIN responses 554851, CVE-2010-0097 - improve fix for CVE-2009-4022 538744 - C,DNAMEs could be returned to clients without proper DNSSEC validation - don't validate + cache out-of-bailiwick data returned with a secure answer. Refetch i...
CVE-2010-0290
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query a...
FreeBSD-SA-10:01.bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:01.bind Security Advisory The FreeBSD Project Topic: BIND named8 cache poisoning with DNSSEC validation Category: contrib Module: bind Announced: 2010-01-06...
FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation
Problem Description: If a client requests DNSSEC records with the Checking Disabled CD flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag...
Mandriva Linux Security Advisory : bind (MDVSA-2009:313-1)
Some vulnerabilities were discovered and corrected in bind : Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled CD, allows remote attackers to...
ISC BIND 9 Haunted by Cache Poisoning Flaw
The Internet Systems Consortium ISC has shipped a patch to cover a “severe” cache poisoning vulnerability for BIND 9 users who have DNSSEC validation turned on. The vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache...
Fedora Core 11 FEDORA-2009-12218 (bind)
The remote host is missing an update to bind announced via advisory FEDORA-2009-12218. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
RHEL 5 : bind (RHSA-2009:1620)
"Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS...
Fedora 12 : bind-9.6.1-13.P2.fc12 (2009-12233)
Update to 9.6.1-P2 release which contains following fix: Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
Fedora 11 : bind-9.6.1-7.P2.fc11 (2009-12218)
Update to 9.6.1-P2 release which contains following fix: Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
ISC BIND 9 DNSSEC查询响应远程缓存中毒漏洞
BUGTRAQ ID: 37118 CVECAN ID: CVE-2009-4022 BIND是一个应用非常广泛的DNS协议的实现,由ISC负责维护,具体的开发由Nominum公司完成。 启用了DNSSEC验证的名称服务器在解析递归客户端查询期间可能错误的从所接收到响应的附加部分向其缓存添加记录,这是一种缓存中毒的情况。...
CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...