ISC BIND deny-answer-aliases Assertion Failure Denial of Service (CVE-2018-5740)

A denial-of-service vulnerability has been reported in ISC BIND9. The vulnerability is due to improper handling of certain responses when BIND is configured to use the deny-answer-aliases feature. A remote attacker could exploit this vulnerability by providing a specific response to a DNAME or AN...

DEBIAN-CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, ...

ALPINE-CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, ...

Design/Logic Flaw

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, ...

CVE-2018-5740

CVE-2018-5740 is a flaw in the deny-answer-aliases feature of BIND that can cause an assertion failure in named, potentially restarting the bind process (denial of service). Affected BIND versions include 9.7.0–9.8.8, 9.9.0–9.9.13, 9.10.0–9.10.8, 9.11.0–9.11.4, 9.12.0–9.12.2, and 9.13.0–9.13.2. R...

CVE-2018-5740 A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, ...

CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, ...

openSUSE Security Update : pdns (openSUSE-2018-1594)

This update for pdns fixes the following issues : Security issues fixed : - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer bsc1114157. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

Apple iOS v12.1.1 - Combo Passcode Bypass Vulnerability

Document Title: =============== Apple iOS v12.1.1 - Combo Passcode Bypass Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2169 Watch Video: https://www.youtube.com/watch?v=QjhV59-NA60 Advisory: https://www.vulnerability-lab.com/getcontent.php?id=2162...

Security update for pdns (moderate)

This update for pdns fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer bsc1114157...

Security update for pdns-recursor (moderate)

This update for pdns-recursor fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer bsc1114157. - CVE-2018-14644: Fixed denial of service via crafted query for meta-types bsc1114170. - CVE-2018-14626: Fixed packet...

PowerDNS Recursor Crafted Answer DoS Vulnerability (2018-04)

An issue has been found in PowerDNS Recursor allowing a malicious authoritative server to cause a memory leak by sending specially crafted records. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed...

F5 Networks BIG-IP : BIG-IP BIND vulnerability (K98528405)

A flaw in the 'deny-answer-aliases' feature can cause an INSIST assertion failure in named. CVE-2018-5740 Impact A flaw in a rarely used BIND feature can cause an assertion failure in named . As a result, the bind process restarts. C Tenable Network Security, Inc. The descriptive text and package...

WordPress Plugin Question Answer Has Multiple Cross-Site Scripting Vulnerabilities

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in WordPress plugin Question Answer v1.2.30, which can be exploited by...

WordPress Question Answer 1.2.30 Cross Site Scripting

========================================================================================== Question Answer v1.2.30 WordPress Plugin - Multiple Cross-Site Scripting Vulnerabilities ========================================================================================== Exploit Title: Question...

USN-3769-2: Bind vulnerability

USN-3769-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bin...

USN-3769-1: Bind vulnerability

It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service...

USN-3769-1 bind9 vulnerability

It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service...

Wordpress Survey & Poll 1.5.7.3 Plugin - sss_params SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sssparams' SQL Injection Exploit Author: Ceylan Bozogullarindan Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link:...

Debian DLA-1485-1 : bind9 security update

CVE-2018-5740 The 'deny-answer-aliases' feature in BIND has a flaw which can cause named to exit with an assertion failure. For Debian 8 'Jessie', this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u16. We recommend that you upgrade your bind9 packages. NOTE: Tenable Network Security has...