
7005 matches found

Tenable Nessus
added 2012/09/17 12:0 a.m., 41 views

ISC BIND Assertion Error Resource Record RDATA Query Parsing Remote DoS

According to its self-reported version number, the remote installation of BIND will exit with an assertion failure if a resource record with RDATA in excess of 65535 bytes is loaded and then subsequently queried. Note that Nessus has only relied on the version itself and has not attempted to...

CVSS 7.8, AI score 6.8, EPSS 0.55937
Exploits: 0, References: 6

OpenVAS
added 2012/09/17 12:0 a.m., 26 views

CentOS Update for quagga CESA-2012:1259 centos6

The remote host is missing an update for the...

CVSS 5, AI score 8.5, EPSS 0.05183
Exploits: 0, References: 2

NVD
added 2012/09/14 6:55 p.m., 22 views

CVE-2012-4922

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than...

CVSS 5, AI score 6.3, EPSS 0.04227
Exploits: 0, References: 8

NVD
added 2012/09/14 6:55 p.m., 18 views

CVE-2012-4419

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison...

CVSS 5, AI score 6.3, EPSS 0.01621
Exploits: 0, References: 9

OSV
added 2012/09/14 6:55 p.m., 2 views

DEBIAN-CVE-2012-4419

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison...

CVSS 5, AI score 6.8, EPSS 0.01621
Exploits: 0, References: 1

UbuntuCve
added 2012/09/14 6:55 p.m., 25 views

CVE-2012-4419

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison...

CVSS 5, AI score 7.2, EPSS 0.01621
Exploits: 0, References: 5

Prion
added 2012/09/14 6:55 p.m., 19 views

Design/Logic Flaw

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison...

CVSS 5, AI score 6.7, EPSS 0.01621
Exploits: 0, References: 9, Affected Software: 1

Prion
added 2012/09/14 6:55 p.m., 22 views

Directory traversal

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than...

CVSS 5, AI score 6.7, EPSS 0.04227
Exploits: 0, References: 8, Affected Software: 1

CVE
added 2012/09/14 6:0 p.m., 65 views

CVE-2012-4922

Vulnerability summary (CVE-2012-4922): In Tor, the tor_timegm function in common/util.c did not properly validate time values for a malformed directory object, allowing a remote attacker to trigger an assertion failure and daemon exit (DoS). This affects Tor versions before 0.2.2.39 and 0.2.3.x ...

CVSS 5, AI score 8.8, EPSS 0.04227
Exploits: 0, References: 8, Affected Software: 1

CVE
added 2012/09/14 6:0 p.m., 67 views

CVE-2012-4419

CVE-2012-4419 affects Tor up to 0.2.2.39 and 0.2.3.x up to 0.2.3.21-rc. The vulnerability lies in compare_tor_addr_to_addr_policy (or/policies.c): a zero-valued port during policy comparison can trigger an assertion and cause the daemon to exit. Mitigation: upgrade to patched Tor versions (e.g., ...

CVSS 5, AI score 6.3, EPSS 0.01621
Exploits: 0, References: 9, Affected Software: 1

NVD
added 2012/09/14 10:33 a.m., 12 views

CVE-2012-4244

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record...

CVSS 7.8, AI score 8.2, EPSS 0.55937
Exploits: 0, References: 26

Prion
added 2012/09/14 10:33 a.m., 33 views

Design/Logic Flaw

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record...

CVSS 7.8, AI score 7, EPSS 0.55937
Exploits: 0, References: 26, Affected Software: 1

RedHat Linux
added 2012/09/14 9:27 a.m., 3 views

bind: specially crafted resource record causes named to exit

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record...

CVSS 7.8, AI score 6.9, EPSS 0.55937
Exploits: 0, References: 4

RedHat Linux
added 2012/09/14 9:26 a.m., 44 views

Important: Red Hat Security Advisory: bind security and bug fix update

Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.8, AI score 6.8, EPSS 0.55937
Exploits: 0, References: 4

Tenable Nessus
added 2012/09/14 12:0 a.m., 26 views

RHEL 5 : bind (RHSA-2012:1267)

Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.8, AI score 6.7, EPSS 0.55937
Exploits: 0, References: 4

Tenable Nessus
added 2012/09/14 12:0 a.m., 41 views

CentOS 6 : quagga (CESA-2012:1259)

Updated quagga packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 7.5, AI score 8.9, EPSS 0.20398
Exploits: 1, References: 10

CVE
added 2012/09/14 12:0 a.m., 434 views

CVE-2012-4244

CVE-2012-4244 affects BIND 9.x with RDATA values exceeding 65535 bytes, enabling remote DoS via assertion failure in the named daemon. Connected advisories confirm a broad impact across multiple distributions and products (FreeBSD SA-12:06.bind; CentOS/RHEL updates; Fedora package updates; F5 adv...

CVSS 7.8, AI score 6.2, EPSS 0.55937
Exploits: 0, References: 26, Affected Software: 1

Tenable Nessus
added 2012/09/14 12:0 a.m., 28 views

Debian DSA-2548-1 : tor - several vulnerabilities

Several vulnerabilities have been discovered in Tor, an online privacy tool. - CVE-2012-3518 Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote crash, resulting in denial of service. - CVE-2012-3519 Try t...

CVSS 5, AI score 8.1, EPSS 0.01621
Exploits: 0, References: 10

Tenable Nessus
added 2012/09/14 12:0 a.m., 35 views

Scientific Linux Security Update : quagga on SL6.x i386/x86_64 (20120912)

A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path attributes. An attacker could send a specially crafted BGP message, causing bgpd on a target system to crash or, possibly, execute arbitrary code with the privileges of the user...

CVSS 7.5, AI score 8.9, EPSS 0.20398
Exploits: 1, References: 10

Debian
added 2012/09/13 7:23 p.m., 24 views

[SECURITY] [DSA 2548-1] tor security update

Debian Security Advisory DSA-2548-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 13, 2012 http://www.debian.org/security/faq -...

CVSS 5, AI score 6.5, EPSS 0.01621
Exploits: 0