Memory Leak

bind is vulnerable to memory leak. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

Debian: Security Advisory (DSA-5235-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2022-264-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.16.33-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix memory leak in EdDSA verify...

CVE-2022-2795

A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

CVE-2022-2906

A flaw was found in the Bind package, where a flaw in ‘named’ can cause a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions. This flaw allows an attacker to gradually erode available memory to the point where ‘named’ crashes d...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Bind vulnerabilities (USN-5626-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5626-1 advisory. Yehuda Afek, Anat Bremler-Barr, and Shani Stajnrod discovered that Bind incorrectly handled large delegations. A remote attacker...

Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2022-264-01)

The version of bind installed on the remote host is prior to 9.16.33 / 9.18.7. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-264-01 advisory. - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the...

Windows shellcode stage, Hidden Bind Ipknock TCP Stager

Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socket will appear as "closed," thu...

Powershell Exec, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid s...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.1.6)

The version of AOS installed on the remote host is prior to 6.0.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0.1.6 advisory. - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way i...

CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Race condition

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Ubuntu: Security Advisory (USN-3346-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Linux kernel 竞争条件问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Condition Issue vulnerability that stems from its PLP Rose function triggering a competitive condition when a user invokes bind, as well...

Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2018-5744 CVE-2019-6465 and CVE-2018-5745.

Summary ISC BIND is vulnerable to these security vulnerabilities. IBM i has addressed these vulnerabilities. This security bulletin has been updated, on June 21, 2019, as an additional IBM i PTF is available for IBM i 7.4. Vulnerability Details CVEID: CVE-2018-5745 DESCRIPTION: ISC BIND is...