Lucene search
K

1440 matches found

CERT
CERT
added 2012/06/04 12:0 a.m.52 views

ISC BIND 9 zero length rdata named vulnerability

Overview ISC BIND 9 named contains a vulnerability that could allow a attacker to cause named to terminate unexpectedly. Description According to ISC's security advisory:This problem was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null ze...

8.5CVSS8.3AI score0.13405EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2012/06/04 12:0 a.m.47 views

CVE-2012-1667

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service daemon crash or data corruption or obta...

8.5CVSS6.9AI score0.13405EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/04/06 12:0 a.m.11 views

MDVA-2012:034 : bind

This is a bugfix and maintenance release that upgrades ISC BIND to the latest respective versions which resolves numerous upstream bugs. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable...

6.9AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2012/02/12 12:0 a.m.3 views

ISC BIND Zero Length RDATA Denial of Service - Ver2 (CVE-2012-1667)

A denial of service vulnerability has been reported in ISC BIND. The vulnerability is due to improper handling of zero-length RDATA in certain record types. A remote attacker can exploit this issue by loading a specially crafted file to the DNS server. Successful exploitation would cause the serv...

8.5CVSS8.2AI score0.13405EPSS
Exploits1
seebug.org
seebug.org
added 2012/02/09 12:0 a.m.228 views

ISC BIND安全限制绕过漏洞(CVE-2012-1033)

BUGTRAQ ID: 51898 CVE ID: CVE-2012-1033 BIND是一个应用非常广泛的DNS协议实现,由ISC负责维护,具体的开发由Nominum公司完成。 ISC BIND在缓存更新策略的实现上存在无法正确处理废弃域名的安全限制绕过漏洞,可导致从注册表中删除后还可以解析域名。 0 ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x 厂商补丁: ISC ---...

5CVSS8.4AI score0.13538EPSS
Exploits1
NVD
NVD
added 2012/02/08 8:55 p.m.20 views

CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

5CVSS8.3AI score0.13538EPSS
Exploits1References11
OSV
OSV
added 2012/02/08 8:55 p.m.12 views

CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

5CVSS6.2AI score0.13538EPSS
Exploits1References11
Prion
Prion
added 2012/02/08 8:55 p.m.30 views

Code injection

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

5CVSS6.8AI score0.13538EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2012/02/08 8:0 p.m.243 views

CVE-2012-1033

The CVE-2012-1033 issue affects ISC BIND 9 up to 9.8.1-P1, where the resolver overwrites cached NS records and TTLs during handling of an A query response. This can allow remote attackers to trigger continued resolvability of revoked domain names via a ghost domain names attack. Public Nessus/IDS...

5CVSS8.1AI score0.13538EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2012/02/08 8:0 p.m.27 views

CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

8.3AI score0.13538EPSS
Exploits1References11
Debian CVE
Debian CVE
added 2012/02/08 8:0 p.m.36 views

CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

5CVSS7AI score0.13538EPSS
Exploits1
CERT
CERT
added 2012/02/08 12:0 a.m.34 views

ISC BIND 9 resolver cache vulnerability

Overview ISC BIND 9 resolver contains a vulnerability that could allow a attacker to keep a domain name in the cache even after it has been deleted from registration. Description According to ISC:I SC has been notified by Haixin Duan a professor at Tsinghua University in Beijing China, who is...

5CVSS8.2AI score0.13538EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2012/02/08 12:0 a.m.26 views

CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

5CVSS6.9AI score0.13538EPSS
Exploits1References3
NVD
NVD
added 2011/11/29 5:55 p.m.15 views

CVE-2011-4313

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service assertion failure and named exit via unknown vectors related to recursive DNS...

5CVSS6.4AI score0.16747EPSS
Exploits0References39
OSV
OSV
added 2011/11/29 5:55 p.m.7 views

CVE-2011-4313

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service assertion failure and named exit via unknown vectors related to recursive DNS...

5CVSS6.5AI score0.16747EPSS
Exploits0References40
Cvelist
Cvelist
added 2011/11/29 5:0 p.m.33 views

CVE-2011-4313

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service assertion failure and named exit via unknown vectors related to recursive DNS...

8.2AI score0.16747EPSS
Exploits0References39
CVE
CVE
added 2011/11/29 5:0 p.m.224 views

CVE-2011-4313

Description summary: CVE-2011-4313 affects ISC BIND 9.0.x–9.9.0b1 and can cause a remote denial of service (assertion failure and named exit) triggered by certain recursive DNS query handling and the caching of an invalid record. Root cause / impact: the issue is tied to the resolver’s processing...

5CVSS8AI score0.16747EPSS
Exploits0References39Affected Software1
Debian CVE
Debian CVE
added 2011/11/29 5:0 p.m.26 views

CVE-2011-4313

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service assertion failure and named exit via unknown vectors related to recursive DNS...

5CVSS6.8AI score0.16747EPSS
Exploits0
CERT
CERT
added 2011/11/22 12:0 a.m.36 views

ISC BIND 9 resolver denial of service vulnerability

Overview ISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c. Description According to ISC:An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers wit...

5CVSS8.3AI score0.16747EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2011/11/21 12:0 a.m.10 views

MDVA-2011:083 : bind

The default configuration and compiled in options for ISC BIND uses DNSSEC per default which under certain circumstances can result in huge latencies due to the overhead of trying to validate each lookup, and everytime. This has now been disabled in the configuration file...

6.9AI score
Exploits0References1
Rows per page
Query Builder