733 matches found
CVE-2024-4076
A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server. Mitigation Mitigation for this issue is either not available or the currently available...
CVE-2024-1975
A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG0...
CVE-2024-0760
A flaw was found in the bind9 package, where a malicious client may send many DNS messages over the TCP protocol, leading to instabilities on the server side and potentially causing a denial of service. The server will recover automatically once the attack ceases. Mitigation Mitigation for this...
USN-6909-1: Bind vulnerabilities
It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. CVE-2024-0760 Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large numb...
CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
CVE-2024-0760
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0...
CVE-2024-1975
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG0 signed requests. This issue affects BIND 9 versions 9.0.0 through...
Rocky Linux 8 : bind and dhcp (RLSA-2024:3271)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3271 advisory. bind9: Parsing large DNS messages may cause excessive CPU load CVE-2023-4408 bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387...
Important: Red Hat Security Advisory: dnsmasq security update
An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: dnsmasq security update
An update for dnsmasq is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
RHEL 8 : dnsmasq (RHSA-2024:3929)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3929 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...
RHEL 8 : dnsmasq (RHSA-2024:3877)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3877 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...
Debian: Security Advisory (DLA-3816-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3816-1] bind9 security update
Debian LTS Advisory DLA-3816-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón May 17, 2024 https://wiki.debian.org/LTS Package : bind9 Version : 1:9.11.5.P4+dfsg-5.1+deb10u11 CVE ID : CVE-2023-50387 CVE-2023-50868 Debian Bug : Two vulnerabilities were...
DLA-3816-1 bind9 - security update
Bulletin has no description...
Debian dla-3816 : bind9 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3816 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3816-1 [email protected]...
RHEL 8 : bind and dhcp (RHSA-2024:2890)
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2890 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...
bind9: Parsing large DNS messages may cause excessive CPU load
A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...
RHEL 8 : bind and dhcp (RHSA-2024:2821)
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2821 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...