bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content

A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server...

SUSE CVE-2011-0414

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service deadlock and daemon hang by sending a query at the time of 1 an IXFR transfer or 2 a DDNS update...

bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability...

bind: BIND does not sufficiently limit the number of fetches performed when processing referrals

A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector...

bind: An error in TSIG authentication can permit unauthorized dynamic updates

A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG0 signature for a dynamic update request...