Page 10 of 50 results (0.013 seconds)

CVSS: 4.3EPSS: 97%CPEs: 92EXPL: 0

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. ISC BIND 9.0.x, 9.1.x, 9.2.0 hasta la versión 9.2.7, 9.3.0 hasta la versión 9.3.3, 9.4.0a1 hasta la versión 9.4.0a6, 9.4.0b1 hasta la versión 9.4.0b4, 9.4.0rc1 y 9.5.0a1 (solo Bind Forum) permite a atacantes remotos provocar una denegación de servicio (salida) a través de la respuesta a una consulta DNS tipo * (ANY) que contiene múltiples RRsets, lo que desencadena un error de aserción, también conocido como la vulnerabilidad "DNSSEC Validation". • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://docs.info.apple.com/article.html?artnum=305530 http://fedoranews.org/cms/node/2507 http://fedoranews.org/cms/node/2537 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://lists.grok.org.uk/pipermail/ • CWE-19: Data Processing Errors •

CVSS: 5.0EPSS: 20%CPEs: 11EXPL: 0

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de una inundación de preguntas recurrentes, que causan una fallo de INSIST cuando se recibe la respuesta después de que la cola recursiva esté vacía. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21790 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://s •

CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 0

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories&#x • CWE-617: Reachable Assertion •

CVSS: 5.0EPSS: 8%CPEs: 13EXPL: 0

Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. • http://secunia.com/advisories/19808 http://securitytracker.com/id?1015993 http://www.kb.cert.org/vuls/id/955777 http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en http://www.securityfocus.com/bid/17692 http://www.vupen.com/english/advisories/2006/1505 http://www.vupen.com/english/advisories/2006/1537 https://exchange.xforce.ibmcloud.com/vulnerabilities/26081 •

CVSS: 4.3EPSS: 3%CPEs: 1EXPL: 0

An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. • http://secunia.com/advisories/14008 http://securitytracker.com/id?1012995 http://www.isc.org/index.pl?/sw/bind/bind-security.php http://www.isc.org/index.pl?/sw/bind/bind9.php http://www.kb.cert.org/vuls/id/938617 http://www.securityfocus.com/bid/12365 http://www.trustix.org/errata/2005/0003 http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19062 •