CVE-2009-0265
https://notcve.org/view.php?id=CVE-2009-0265
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. Internet Systems Consortium (ISC) BIND en versiones 9.6.0 y anteriores no comprueba adecuadamente el valor de retorno de la función EVP_VerifyFinal de OpenSSL, lo cual permite a atacantes remotos eludir la validación del certificado a través de una firma SSL/TLS malformada, se trata de una vulnerabilidad similar a CVE-2008-5077 y CVE-2009-0025. • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://secunia.com/advisories/33559 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 http://www.mandriva.com/security/advisories?name=MDVSA-2009:037 http://www.vupen.com/english/advisories/2009/0043 https://www.isc.org/node/373 • CWE-252: Unchecked Return Value CWE-295: Improper Certificate Validation •
CVE-2009-0025 – bind: DSA_do_verify() returns check issue
https://notcve.org/view.php?id=CVE-2009-0025
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3 y versiones anteriores no comprueba adecuadamente el valor de retorno de la función OpenSSL DSA_verify, lo que permite a atacantes remotos eludir la validación de la cadena del certificado a través de una firma SSL/TLS mal formada, una vulnerabilidad similar a CVE-2008-5077. • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://secunia.com/advisories/33494 http://secunia.com/advisories/33546 http://secunia.com/advisories/33551 http://secunia.com/advisories/33559 http://secunia.com/advisories/33683 http://secunia.com/advisories/33882 http://secunia.com/advisories/35074 http://security • CWE-287: Improper Authentication •
CVE-2008-4163
https://notcve.org/view.php?id=CVE-2008-4163
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. Vulnerabilidad sin especificar en ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, y 9.5.0-P2-W1 sobre Windows, permite a atacantes remotos provocar una denegación de servicio (caída del manejador cliente UDP) a través de vectores desconocidos. • http://marc.info/?l=bind-announce&m=122180244228376&w=2 http://marc.info/?l=bind-announce&m=122180244228378&w=2 http://marc.info/?l=bind-announce&m=122180376630150&w=2 http://secunia.com/advisories/31924 http://www.securityfocus.com/bid/31252 http://www.securitytracker.com/id?1020901 http://www.vupen.com/english/advisories/2008/2637 https://exchange.xforce.ibmcloud.com/vulnerabilities/45234 • CWE-20: Improper Input Validation •
CVE-2008-0122 – libbind off-by-one buffer overflow
https://notcve.org/view.php?id=CVE-2008-0122
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. Error por un paso en la función inet_network en libbind en ISC BIND 9.4.2 y versiones anteriores, como se utiliza en libc en FreeBSD 6.2 hasta la versión 7.0-PRERELEASE, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de entradas manipuladas que desencadenan corrupción de memoria. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28367 http://secunia.com/advisories/28429 http://secunia.com/advisories/28487 http://secunia.com/advisories/28579 http://secunia.com/advisories/29161 http://secunia.com/advisories/29323 http://secunia.com/advisories/30313 http://secunia.com/advisories/30538 http://secunia.com/advisories/30718 http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc http://sunsolve.s • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVE-2007-2925
https://notcve.org/view.php?id=CVE-2007-2925
The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. La lista de control de acceso por defecto (ACL) en ISC BIND 9.4.0, 9.4.1, y 9.5.0a1 hasta 9.5.0a5 no asigna las ACLs allow-recursion y allow-query-cache, lo cual permite a atacantes remotos realizar consultas recursivas y consultar la cache. • http://secunia.com/advisories/26227 http://secunia.com/advisories/26236 http://secunia.com/advisories/26509 http://secunia.com/advisories/26515 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903 http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml http://www.isc.org/index.pl?/sw/bind/bind-security.php http://www.mandriva.com/security/advisories?name=MDKSA-2007:149 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html http://www.secu •