
1440 matches found

Tenable Nessus
added 2013/11/13 12:0 a.m., 28 views

ISC BIND 9 localnets ACL Security Bypass

According to its self-reported version number, the remote installation of BIND on Windows contains an ACL security bypass vulnerability because the Winsock API does not properly support the 'SIOGETINTERFACELIST' command for the netmask 255.255.255.255. The netmask 255.255.255.255 will be translat...

6.8 CVSS, 5.6 AI score, 0.05706 EPSS
Exploits 0, References 12
NVD
added 2013/11/08 4:47 a.m., 15 views

CVE-2013-6230

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIOGETINTERFACELIST command for netmask 255.255.255.255, which allows remot...

6.8 CVSS, 6.8 AI score, 0.05706 EPSS
Exploits 0, References 3
UbuntuCve
added 2013/11/08 4:47 a.m., 29 views

CVE-2013-6230

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIOGETINTERFACELIST command for netmask 255.255.255.255, which allows remot...

6.8 CVSS, 5.9 AI score, 0.05706 EPSS
Exploits 0, References 2
Prion
added 2013/11/08 4:47 a.m., 21 views

Command injection

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIOGETINTERFACELIST command for netmask 255.255.255.255, which allows remot...

6.8 CVSS, 7.3 AI score, 0.05706 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2013/11/08 2:0 a.m., 27 views

CVE-2013-6230

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIOGETINTERFACELIST command for netmask 255.255.255.255, which allows remot...

6.7 AI score, 0.05706 EPSS
Exploits 0, References 3
Debian CVE
added 2013/11/08 2:0 a.m., 30 views

CVE-2013-6230

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIOGETINTERFACELIST command for netmask 255.255.255.255, which allows remot...

6.8 CVSS, 6.7 AI score, 0.05706 EPSS
Exploits 0
seebug.org
added 2013/08/25 12:0 a.m., 32 views

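ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability

BUGTRAQ ID: 61774 BIND is a very widely used implementation of the DNS protocol. The SRTT algorithm implementation in ISC BIND 9 contains a vulnerability that, in theory, lets an attacker manually lower the SRTT value that a recursive server associates with an authoritative server, thereby influencing which specific authoritative server is chosen from the NS resource record set as the name server to query. SRTT selection affects not only authoritative servers but also mixed recursive or authoritative servers. An attacker could use this vulnerability to carry out DNS-related attacks such as DNS cache poisoning. 0 ISC BIND 9.x Vendor patch: ISC --- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...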

6.9 AI score
Exploits 0
Check Point Advisories
added 2013/08/19 12:0 a.m., 4 views

ISC BIND RDATA Handling Assertion Failure Denial of Service (CVE-2012-4244; CVE-2013-4854)

A denial of service vulnerability exists in ISC BIND. The vulnerability is due to an assertion failure that occurs when handling malformed RDATA. A remote attacker could exploit this vulnerability by sending a DNS query response with a specially crafted resource record to an affected server...

7.8 CVSS, 7.1 AI score, 0.36798 EPSS
Exploits 1
Zero Day Initiative
added 2013/08/13 12:0 a.m., 40 views

ISC BIND rdata Denial Of Service Vulnerability

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of an rdata section with a length that is less than four. The issue...

7.8 CVSS, 1.9 AI score, 0.3415 EPSS
Exploits 1, References 1
Tenable Nessus
added 2013/08/08 12:0 a.m., 17 views

ISC BIND 9 DNS RDATA Handling Remote DoS

Binary data 6964.prm...

7.8 CVSS, 7.3 AI score, 0.3415 EPSS
Exploits 1, References 3
seebug.org
added 2013/07/30 12:0 a.m., 1605 views

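ISC BIND 9 DNS RDATA Handling Remote Denial of Service Vulnerability

Bugtraq ID: 61479 CVE ID: CVE-2013-4854 ISC BIND is an implementation of the DNS protocol. ISC BIND contains an error when parsing RDATA in DNS queries that allows a remote attacker to submit a special query containing malformed RDATA, triggering a REQUIRE assertion and crashing the service. This vulnerability is already being actively exploited on the network; both authoritative and recursive servers are affected. 0 ISC BIND 9.8.0 - 9.8.5-P1 ISC BIND 9.9.0 - 9.9.3-P1 Vendor solution: ISC BIND 9.8.5-P2, 9.9.3-P2 and 9.9.3-S1-P1 fix this vulnerability; users are advised to download the update:...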

7.8 CVSS, 6.3 AI score, 0.3415 EPSS
Exploits 1
Mageia
added 2013/07/29 2:2 p.m., 52 views

Updated bind package fixes security vulnerability

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service daemon crash via a query with a malformed RDATA section...

7.8 CVSS, 5.8 AI score, 0.3415 EPSS
Exploits 1, References 5
OSV
added 2013/07/29 2:2 p.m., 8 views

MGASA-2013-0237 Updated bind package fixes security vulnerability

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service daemon crash via a query with a malformed RDATA section...

7.8 CVSS, 6.1 AI score, 0.3415 EPSS
Exploits 1, References 6
NVD
added 2013/07/29 1:59 p.m., 18 views

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query with...

7.8 CVSS, 8.1 AI score, 0.3415 EPSS
Exploits 1, References 29
Prion
added 2013/07/29 1:59 p.m., 19 views

Code injection

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query with...

7.8 CVSS, 6.9 AI score, 0.3415 EPSS
Exploits 1, References 29, Affected Software 12
Tenable Nessus
added 2013/07/29 12:0 a.m., 28 views

Mandriva Linux Security Advisory : bind (MDVSA-2013:202)

A vulnerability has been discovered and corrected in bind : The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of...

7.8 CVSS, 6.3 AI score, 0.3415 EPSS
Exploits 1, References 2
Tenable Nessus
added 2013/07/29 12:0 a.m., 32 views

ISC BIND 9 RDATA Section Handling DoS

According to its self-reported version number, the remote installation of BIND can be forced to crash via specially crafted queries containing malformed 'rdata' contents. Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actual...

7.8 CVSS, 6.6 AI score, 0.3415 EPSS
Exploits 1, References 7
UbuntuCve
added 2013/07/27 12:0 a.m., 31 views

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query with...

7.8 CVSS, 6.9 AI score, 0.3415 EPSS
Exploits 1, References 3
Cvelist
added 2013/07/26 11:0 p.m., 26 views

CVE-2013-4854

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service assertion failure and named daemon exit via a query with...

5.8 AI score, 0.3415 EPSS
Exploits 1, References 29
CVE
added 2013/07/26 11:0 p.m., 466 views

CVE-2013-4854

CVE-2013-4854 affects ISC BIND, where the RFC 5011 RDATA handling in rdata.c can trigger an assertion failure during log message construction when processing a malformed RDATA, allowing remote DoS with named exiting. Vulnerable ranges include BIND 9.7.x and 9.8.x before 9.8.5-P2 and 9.8.6b1, 9.9....

7.8 CVSS, 5.6 AI score, 0.3415 EPSS
Exploits 1, References 29, Affected Software 1