ISC BIND 9.9.8 < 9.9.8-P2 / 9.10.3 < 9.10.3-P2 Socket Error Handling DoS

According to its self-reported version number, the remote installation of BIND is affected by a denial of service vulnerability due to a race condition that occurs when handling socket errors. An unauthenticated, remote attacker can exploit this to trigger an INSIST failure, resulting in a denial...

CVE-2015-8461

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via unspecified vectors...

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

Race condition

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via unspecified vectors...

Authentication flaw

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

CVE-2015-8461

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via unspecified vectors...

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a malformed class attribute...

CVE-2015-8000

CVE-2015-8000 affects ISC BIND 9.x (before 9.9.8-P2 and 9.10.x before 9.10.3-P2). A flaw in db.c parsing incoming responses allows remote DoS via a malformed class attribute, causing an assertion failure and daemon exit. F5’s advisory notes vulnerability presence in BIG-IP family components that ...

CVE-2015-8461

CVE-2015-8461 affects ISC BIND 9.9.8-P2 and 9.10.3-P2. A race condition in resolver.c when processing socket errors can trigger an INSIST assertion failure and cause named to exit, leading to remote denial of service. Remediation is to apply the fixed releases (9.9.8-P2 / 9.10.3-P2) or update to ...

CVE-2015-8461

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via unspecified vectors...

AIX 6.1 TL 9 : bos.net.tcp.client (U861500)

The remote host is missing AIX PTF U861500, which is related to the security of the package bos.net.tcp.client. Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a...

AIX 7.1 TL 2 : bind (IV78094)

ISC BIND is vulnerable to a denial of service, caused by the exit of a validating resolver due to an assertion failure in buffer.c. By parsing a malformed DNSSEC key, a remote attacker could exploit this vulnerability to cause a denial of service. %NASLMINLEVEL 70300 C Tenable Network Security,...

AIX 7.1 TL 3 : bind (IV78095)

ISC BIND is vulnerable to a denial of service, caused by the exit of a validating resolver due to an assertion failure in buffer.c. By parsing a malformed DNSSEC key, a remote attacker could exploit this vulnerability to cause a denial of service. %NASLMINLEVEL 70300 C Tenable Network Security,...

Vulnerability in BIND affects AIX,Vulnerability in BIND affects VIOS

IBM SECURITY ADVISORY First Issued: Tues Nov 3 09:00:00 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/bindadvisory9.asc https://aix.software.ibm.com/aix/efixes/security/bindadvisory9.asc...

CVE-2009-0265

Internet Systems Consortium ISC BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and...

CVE-2008-4163

Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service UDP client handler termination via unknown vectors...

CVE-2007-2930

The 1 NSIDSHUFFLEONLY and 2 NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors...

CVE-2007-5471

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service daemon exit via a GSS-TSIG request. NOTE: this issue probably affects other daemons that...