CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...

Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170705)

Security Fixes : - A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG0 signature for a dynamic update...

SUSE-SU-2017:1738-1 Security update for bind

This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into 1 providing an...

old version of host command vulnearbility

Synopsis -------- Old versions of the 'host' command, contain an exploitable buffer overflow. Sorry if this is already known, it seems an old problem but I failed searching it in the bugtraq archives. Versions -------- The version affected is the following: static char rcsid = "$Id: host.c,v 8.21...