bind, caching security update

CentOS Errata and Security Advisory CESA-2009:1179 Updated bind packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Updated 29th July 2009 The packages in this...

Important: Red Hat Security Advisory: bind security and bug fix update

Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System D...

bind: DoS (assertion failure) via nsupdate packets

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

bind: DoS (assertion failure) via nsupdate packets

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

Design/Logic Flaw

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

CVE-2009-0696

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

BIND -- Dynamic update message remote DoS

Problem Description: When named8 receives a specially crafted dynamic update message an internal assertion check is triggered which causes named8 to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set RRset for this...

Memory corruption

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1 the frame chain and synchronous events, 2 a SetMayHaveFrame assertion and...

openSUSE Security Update : openldap2 (openldap2-145)

This update fixes a security problem in the liblber client library of openldap that allowed remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams, which triggers an assertion error. CVE-2008-2952 Additionally a bug was fixed in ldapfreeconnection which...

IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 25 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. PK73246 - An error in Single Sign-on SSO with SPNEGO implementation could allow a remote...

Memory corruption

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1 jsLeaveSharpObject, 2...

Quagga Denial of Service Vulnerability

Quagga for Linux is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-1788-1 : quagga - improper assertion

It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service. %NASLMINLEVEL...

quagga DoS

Assertion on receiving prefix with large number of 4-byte AS numbers...

FreeBSD : Darwin Streaming Server denial-of-service vulnerability (c7cad0f0-671a-11d8-bdeb-000a95bc6fae)

An attacker can cause an assertion to trigger by sending a long User-Agent field in a request. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and...

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : avahi vulnerabilities (USN-696-1)

Emanuele Aina discovered that Avahi did not properly validate its input when processing data over D-Bus. A local attacker could send an empty TXT message via D-Bus and cause a denial of service failed assertion. This issue only affected Ubuntu 6.06 LTS. CVE-2007-3372 Hugo Dias discovered that Ava...

Mandriva Update for bind MDKSA-2007:030 (bind)

Check for the Version of bind OpenVAS Vulnerability Test Mandriva Update for bind MDKSA-2007:030 bind Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Mandriva Update for kdenetwork MDKSA-2007:009 (kdenetwork)

Check for the Version of kdenetwork OpenVAS Vulnerability Test Mandriva Update for kdenetwork MDKSA-2007:009 kdenetwork Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Mandriva Update for bind MDKSA-2007:030 (bind)

Check for the Version of bind OpenVAS Vulnerability Test Mandriva Update for bind MDKSA-2007:030 bind Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

MySQL 6.0 < 6.0.10 XPath Expression DoS

The version of MySQL 6.0 installed on the remote host is earlier than 6.0.10 and thus affected by a denial of service vulnerability. Specifically, an authenticated user can cause an assertion failure leading to a server crash by calling 'ExtractValue' or 'UpdateXML' using an XPath expression...