Page 10 of 55 results (0.019 seconds)

CVSS: 5.0EPSS: 10%CPEs: 239EXPL: 0

CVE-2011-4313 – bind: Remote denial of service against recursive servers via logging negative cache entry

https://notcve.org/view.php?id=CVE-2011-4313

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. query.c en ISC BIND v9.0.x hasta v9.6.x, v9.4-ESV hasta v9.4-ESV-R5, v9.6-ESV hasta v9.6-ESV-R5, v9.7.0 hasta v9.7.4, v9.8.0 hasta v9.8.1, y v9.9.0a1 hasta v9.9.0b1, permite a atacantes remotos provocar una denegación de servicio a través de vectores relacionados con peticiones DNS recursivas, errores de registro, y la captura de un registro inválido por el 'resolver'. • http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html http://lists.opensuse.org/opensuse-security-announce •

CVSS: 5.0EPSS: 5%CPEs: 41EXPL: 0

CVE-2011-2464 – bind: Specially constructed packet will cause named to exit

https://notcve.org/view.php?id=CVE-2011-2464

Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. Vulnerabilidad no especificada en ISC BIND 9 v9.6.x antesw de v9.6-ESV-R4-P3, v9.7.x antes de v9.7.3-P3, y v9.8.x antes de v9.8.0-P4, permite a usuarios remotos provocar una denegación de servicio a través de una petición UPDATE manipulada. • http://blogs.oracle.com/sunsecurity/entry/cve_2011_2464_remote_denial http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062846.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/20 •

CVSS: 5.0EPSS: 94%CPEs: 238EXPL: 0

CVE-2011-1910 – bind: Large RRSIG RRsets and Negative Caching can crash named

https://notcve.org/view.php?id=CVE-2011-1910

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. Error de superación de límite (off-by-one) en named de ISC BIND 9.x anteriores a 9.7.3-P1, 9.8.x anteriores a 9.8.0-P2, 9.4-ESV anteriores a 9.4-ESV-R4-P1, y 9.6-ESV anteriores a 9.6-ESV-R4-P1 permite a servidores remotos DNS provocar una denegación de servicio (fallo de aserción y finalización del demonio) a través de una respuesta negativa que contenga RRSIG RRsets de gran tamaño. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html http://marc.info/?l=bugtraq&m=142180687100892&w=2 http://osvdb.org/72540 http://secunia.com/advisories/44677 http://secunia.com/advisories/44719 http://secunia.com/advisories/447 • CWE-189: Numeric Errors •

CVSS: 7.1EPSS: 9%CPEs: 9EXPL: 0

CVE-2011-0414

https://notcve.org/view.php?id=CVE-2011-0414

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. En ISC BIND versión 9.7.1 hasta 9.7.2-P3, cuando está configurado como un servidor autorizado, permite a los atacantes remotos generar una denegación de servicio (punto muerto y suspensión de demonio) al enviar una consulta en el momento de (1) una transferencia IXFR o ( 2) una actualización de DDNS. • http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43439 http://secunia.com/advisories/43443 http://www.debian.org/security/2011/dsa-2208 http://www.isc.org/software/bind/advisories/cve-2011-0414 http://www.kb.cert.org/vuls/id/449980 http://www.kb.cert.org/vuls/id/559980 http://www.securitytracker.com/id?1025110 http://www.ubuntu.com/usn/USN-1070-1 http://www.vupen.com/english/advisories/2011/0466 http:& • CWE-399: Resource Management Errors •

CVSS: 4.0EPSS: 1%CPEs: 26EXPL: 0

CVE-2010-3613 – bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named

https://notcve.org/view.php?id=CVE-2010-3613

named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. named en ISC BIND 9.6.2 anteriores a 9.6.2-P3, 9.6-ESV anteriores a 9.6-ESV-R3, y 9.7.x anteriores a 9.7.2-P3 no maneja apropiadamente la combinación de respuestas negativas firmadas y los correspondientes registros RRSIG en la caché. Lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición de datos de la caché. • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://marc.info/?l=bugtraq&m=130270720601677&w=2 http://secunia.com/advisories/42374 http://secunia.com • CWE-264: Permissions, Privileges, and Access Controls •