2014 matches found
DNS Server Zone Transfer Information Disclosure (AXFR)
The remote name server allows DNS zone transfers to be performed. A zone transfer lets a remote attacker instantly populate a list of potential targets. In addition, companies often use a naming convention that can give hints as to a servers primary application for instance, proxy.example.com,...
Possible DOS in Bind 8.2.2-P5
Hi, playing with bind and ZXFR feature zone transfer compressed with a possible insecure execlp"gzip", "gzip", NULL; , i discovered a Denial Of Service against Bind 8.2.2-P5 . By default Bind 8.2.2-P5 it's not compiled with ZXFR support unless you define it with define BINDZXFR so it will refuse...
DNS Server Recursive Query Cache Poisoning Weakness
It is possible to query the remote name server for third-party names. If this is your internal nameserver, then the attack vector may be limited to employees or guest access if allowed. If you are probing a remote nameserver, then it allows anyone to use it to resolve third party names such as...
CVE-1999-0532
A DNS server allows zone transfers...
CVE-1999-0533
A DNS server allows inverse queries...
CVE-1999-0532
CVE-1999-0532 denotes a DNS zone transfer disclosure. The provided connected docs confirm that a DNS server may allow AXFR zone transfers, enabling an attacker to enumerate zone data. Evidence includes references to a Metasploit DNS enumeration module and various scanners (OpenVAS, Nessus plugin)...
CVE-1999-0533
CVE-1999-0533 describes a vulnerability in a DNS server that allows inverse queries. Connected documents confirm the issue but do not specify affected products/versions, root cause in code, or a fix. Red Hat, NVD, CVE listings reiterate the description and provide no remediation details. PT-1997-...
bind.nxt.txt
http://www.isc.org/products/BIND/bind-security-19991108.html Name: "nxt bug" Versions affected: 8.2, 8.2 patchlevel 1, 8.2.1 Severity: CRITICAL Exploitable: Remotely Type: Access possible Description: A bug in the processing of NXT records can theoretically allow an attacker to gain access to the...
CVE-1999-0184
CVE-1999-0184 affects bind when built with the -DALLOW_UPDATES option, enabling dynamic updates to the DNS server and allowing malicious modification of DNS records. The vulnerability is tied to enabling dynamic updates in the DNS server, with impact described as potential modification of records...
WindowsNT DNS Server Character Saturation DoS
We could make the remote DNS server crash by flooding it with characters. It is likely a WindowsNT DNS server. Crashing the DNS server could allow an attacker to make your network non-functional, or even to use some DNS spoofing techniques to gain privileges on the network. C Tenable Network...
CVE-1999-0533
A DNS server allows inverse queries...
CVE-1999-0532
A DNS server allows zone transfers...
CVE-1999-0184
When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...
PT-1997-1152
Name of the Vulnerable Software and Affected Versions DNS server affected versions not specified Description The issue concerns a DNS server that allows zone transfers. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...