Lucene search
K

274 matches found

Prion
Prion
added 2010/10/05 10:0 p.m.19 views

Input validation

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service daemon crash via a DNS query...

4.3CVSS6.9AI score0.08086EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2010/10/05 12:0 a.m.38 views

CVE-2010-3762

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service daemon crash via a DNS query...

4.3CVSS5.9AI score0.08086EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/06/08 12:0 a.m.29 views

Debian DSA-2054-1 : bind9 - DNS cache poisoning

Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems : -...

7.6CVSS7.1AI score0.09363EPSS
Exploits0References7
Debian
Debian
added 2010/06/04 7:22 p.m.44 views

[SECURITY] [DSA 2054-1] New bind9 packages fix cache poisoning

------------------------------------------------------------------------ Debian Security Advisory DSA-2054-1 [email protected] http://www.debian.org/security/ Florian Weimer June 04, 2010 http://www.debian.org/security/faq -...

7.6CVSS8.2AI score0.09363EPSS
Exploits0
OSV
OSV
added 2010/01/22 10:0 p.m.11 views

CVE-2010-0097

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC 1 NSEC and 2 NSEC3 records, which allows remote attackers to add the Authenticated Data AD flag to a forged NXDOMAIN response for an existing domain...

4.3CVSS6.3AI score0.09363EPSS
Exploits0References36
OSV
OSV
added 2010/01/22 10:0 p.m.11 views

CVE-2010-0290

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query a...

2.6CVSS6.5AI score0.07952EPSS
Exploits1References20
CVE
CVE
added 2010/01/22 9:20 p.m.218 views

CVE-2010-0290

CVE-2010-0290 is described in connected F5 advisories as an ISC BIND cache-poisoning vulnerability affecting BIND 9.0.x–9.3.x, 9.4 up to 9.4.3-P5, 9.5 up to 9.5.2-P2, 9.6 up to 9.6.1-P3, and 9.7.0 beta, when DNSSEC validation is enabled and CD checking is disabled. The attack involves receiving a...

4CVSS7.8AI score0.06775EPSS
Exploits0References20Affected Software1
OpenVAS
OpenVAS
added 2010/01/22 12:0 a.m.30 views

Ubuntu Update for bind9 vulnerabilities USN-888-1

Ubuntu Update for Linux kernel vulnerabilities USN-888-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8881.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for bind9 vulnerabilities USN-888-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

4.3CVSS8.1AI score0.09363EPSS
Exploits1References2
Oracle linux
Oracle linux
added 2010/01/20 12:0 a.m.43 views

bind security update

30:9.3.6-4.P1.2 - NSEC validation code could cause wrong NXDOMAIN responses 554851, CVE-2010-0097 - improve fix for CVE-2009-4022 538744 - C,DNAMEs could be returned to clients without proper DNSSEC validation - don't validate + cache out-of-bailiwick data returned with a secure answer. Refetch i...

7.6CVSS1.9AI score0.09363EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2010/01/19 12:0 a.m.25 views

CVE-2010-0290

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query a...

4CVSS7.1AI score0.06775EPSS
Exploits0References3
FreeBSD Advisory
FreeBSD Advisory
added 2010/01/06 12:0 a.m.16 views

FreeBSD-SA-10:01.bind

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:01.bind Security Advisory The FreeBSD Project Topic: BIND named8 cache poisoning with DNSSEC validation Category: contrib Module: bind Announced: 2010-01-06...

2.6CVSS7AI score0.07952EPSS
Exploits1
FreeBSD
FreeBSD
added 2010/01/06 12:0 a.m.15 views

FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation

Problem Description: If a client requests DNSSEC records with the Checking Disabled CD flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/12/04 12:0 a.m.27 views

Mandriva Linux Security Advisory : bind (MDVSA-2009:313-1)

Some vulnerabilities were discovered and corrected in bind : Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled CD, allows remote attackers to...

2.6CVSS7.2AI score0.07952EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2009/12/03 5:21 p.m.11 views

ISC BIND 9 Haunted by Cache Poisoning Flaw

The Internet Systems Consortium ISC has shipped a patch to cover a “severe” cache poisoning vulnerability for BIND 9 users who have DNSSEC validation turned on. The vulnerability exists in the way BIND 9 handles recursive client queries that may cause additional records to be added to its cache...

0.6AI score
Exploits0References3
OpenVAS
OpenVAS
added 2009/12/03 12:0 a.m.28 views

Fedora Core 11 FEDORA-2009-12218 (bind)

The remote host is missing an update to bind announced via advisory FEDORA-2009-12218. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

4.3CVSS7.7AI score0.12649EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2009/12/01 12:0 a.m.31 views

RHEL 5 : bind (RHSA-2009:1620)

"Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS...

2.6CVSS7.1AI score0.07952EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2009/11/30 12:0 a.m.19 views

Fedora 12 : bind-9.6.1-13.P2.fc12 (2009-12233)

Update to 9.6.1-P2 release which contains following fix: Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

2.6CVSS7.2AI score0.07952EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2009/11/30 12:0 a.m.25 views

Fedora 11 : bind-9.6.1-7.P2.fc11 (2009-12218)

Update to 9.6.1-P2 release which contains following fix: Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

2.6CVSS7.2AI score0.07952EPSS
Exploits1References3
seebug.org
seebug.org
added 2009/11/27 12:0 a.m.213 views

ISC BIND 9 DNSSEC查询响应远程缓存中毒漏洞

BUGTRAQ ID: 37118 CVECAN ID: CVE-2009-4022 BIND是一个应用非常广泛的DNS协议的实现,由ISC负责维护,具体的开发由Nominum公司完成。 启用了DNSSEC验证的名称服务器在解析递归客户端查询期间可能错误的从所接收到响应的附加部分向其缓存添加记录,这是一种缓存中毒的情况。...

2.6CVSS0.4AI score0.07952EPSS
Exploits1
OSV
OSV
added 2009/11/25 4:30 p.m.10 views

CVE-2009-4022

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...

2.6CVSS6.4AI score0.07952EPSS
Exploits1References44
Rows per page
Query Builder