
16 matches found

OSV
added 2026/04/28 10:44 p.m. · 2 views

GHSA-H8MM-C463-WJQ3 CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass)

Summary: CoreDNS' transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. A permissive parent-zone transfer rule can override a restrictive subzone rule (name-dependent), allowing an unauthorized client to perform AXFR/IXFR for the subzone...

8.2 CVSS · 5.8 AI score · 0.00016 EPSS
Exploits 1 · References 4
ATTACKERKB
added 2022/03/25 3:15 p.m. · 1 views

CVE-2022-27227

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers...

7.5 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits 0 · References 14
RedHat Linux
added 2021/11/09 6:9 p.m. · 1 views

bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly

Incremental zone transfers (IXFR) provide a way of transferring changed portions of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in...

6.5 CVSS · 7.2 AI score · 0.02257 EPSS
Exploits 0 · References 5
OSV
added 2021/10/22 5:4 p.m. · 3 views

CLSA-2021-1634922250 Fixed CVEs in bind: CVE-2021-25214, CVE-2021-25216, CVE-2021-25215

A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly (CVE-2021-25214) - An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215) - A second vulnerability in BIND's GSSAPI security...

9.8 CVSS · 7.1 AI score · 0.27744 EPSS
Exploits 0 · References 1
OSV
added 2021/04/29 1:15 a.m. · 0 views

DEBIAN-CVE-2021-25214

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malform...

6.5 CVSS · 7.3 AI score · 0.02257 EPSS
Exploits 0 · References 1
OSV
added 2021/04/29 1:15 a.m. · 1 views

ALPINE-CVE-2021-25214

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malform...

6.5 CVSS · 6.9 AI score · 0.02257 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2018/08/23 12:0 a.m. · 40 views

Fedora 27 : 32:bind (2018-90f8fbd58e)

Update to 9.11.4-P1 - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

7.5 CVSS · 6.6 AI score · 0.6453 EPSS
Exploits 0 · References 3
OSV
added 2017/02/09 3:59 p.m. · 2 views

UBUNTU-CVE-2016-6171

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR...

8.6 CVSS · 7.2 AI score · 0.02085 EPSS
Exploits 0 · References 3
OSV
added 2016/07/06 2:59 p.m. · 1 views

DEBIAN-CVE-2016-6170

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response...

6.5 CVSS · 6.4 AI score · 0.1302 EPSS
Exploits 1 · References 1
Positive Technologies
added 2016/07/06 12:0 a.m. · 1 views

PT-2016-6781 · Isc +4 · Isc Bind +4

Name of the Vulnerable Software and Affected Versions: ISC BIND versions 9.9.9 through 9.9.9-P1; ISC BIND versions 9.10.x through 9.10.4-P1; ISC BIND versions 9.11.x through 9.11.0b1. Description: The issue allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a larg...

7.5 CVSS · 6.7 AI score · 0.48516 EPSS
Exploits 1 · References 54
Tenable Nessus
added 2014/11/06 12:0 a.m. · 32 views

Knot DNS 1.5.2 Incremental Zone Transfer (IXFR) DoS

The remote host is running Knot DNS version 1.5.2. It is, therefore, affected by an error that could allow certain Incremental Zone Transfer (IXFR) messages to crash the server. (C) Tenable Network Security, Inc. include"compat.inc"; if description scriptid78890; scriptversion"1.4"; scriptcvsdate"Dat...

7.5 CVSS · 7.3 AI score · 0.01335 EPSS
Exploits 0 · References 4
OpenVAS
added 2011/05/12 12:0 a.m. · 16 views

Debian Security Advisory DSA 2208-1 (bind9)

The remote host is missing an update to bind9 announced via advisory DSA 2208-1. OpenVAS Vulnerability Test $Id: deb22081.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2208-1 (bind9). Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft Inc...

7.1 CVSS · 0.6 AI score · 0.04537 EPSS
Exploits 1
Tenable Nessus
added 2011/03/31 12:0 a.m. · 17 views

Debian DSA-2208-1 : bind9 - denial of service

It was discovered that BIND, a DNS server, contains a race condition when processing zones updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer (IXFR). Such an update while processing a query could result in deadlock and denial of service. CVE-2011-041...

7.1 CVSS · 7.2 AI score · 0.04537 EPSS
Exploits 1 · References 5
Debian
added 2011/03/30 7:24 p.m. · 18 views

[SECURITY] [DSA 2208-1] bind9 security update

Debian Security Advisory DSA-2208-1 [email protected] http://www.debian.org/security/ Florian Weimer March 30, 2011 http://www.debian.org/security/faq -...

7.1 CVSS · 5.9 AI score · 0.04537 EPSS
Exploits 1
OSV
added 2011/03/30 12:0 a.m. · 19 views

DSA-2208-1 bind9 - denial of service

Bulletin has no description...

7.1 CVSS · 7.2 AI score · 0.04537 EPSS
Exploits 1
OSV
added 2011/02/23 7:0 p.m. · 2 views

DEBIAN-CVE-2011-0414

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update...

7.1 CVSS · 6.9 AI score · 0.04537 EPSS
Exploits 1 · References 1