CVE-2011-4313 – bind: Remote denial of service against recursive servers via logging negative cache entry
https://notcve.org/view.php?id=CVE-2011-4313
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. query.c en ISC BIND v9.0.x hasta v9.6.x, v9.4-ESV hasta v9.4-ESV-R5, v9.6-ESV hasta v9.6-ESV-R5, v9.7.0 hasta v9.7.4, v9.8.0 hasta v9.8.1, y v9.9.0a1 hasta v9.9.0b1, permite a atacantes remotos provocar una denegación de servicio a través de vectores relacionados con peticiones DNS recursivas, errores de registro, y la captura de un registro inválido por el 'resolver'. • http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html http://lists.opensuse.org/opensuse-security-announce •
CVE-2011-2464 – bind: Specially constructed packet will cause named to exit
https://notcve.org/view.php?id=CVE-2011-2464
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. Vulnerabilidad no especificada en ISC BIND 9 v9.6.x antesw de v9.6-ESV-R4-P3, v9.7.x antes de v9.7.3-P3, y v9.8.x antes de v9.8.0-P4, permite a usuarios remotos provocar una denegación de servicio a través de una petición UPDATE manipulada. • http://blogs.oracle.com/sunsecurity/entry/cve_2011_2464_remote_denial http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062846.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/20 •
CVE-2011-1910 – bind: Large RRSIG RRsets and Negative Caching can crash named
https://notcve.org/view.php?id=CVE-2011-1910
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. Error de superación de límite (off-by-one) en named de ISC BIND 9.x anteriores a 9.7.3-P1, 9.8.x anteriores a 9.8.0-P2, 9.4-ESV anteriores a 9.4-ESV-R4-P1, y 9.6-ESV anteriores a 9.6-ESV-R4-P1 permite a servidores remotos DNS provocar una denegación de servicio (fallo de aserción y finalización del demonio) a través de una respuesta negativa que contenga RRSIG RRsets de gran tamaño. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html http://marc.info/?l=bugtraq&m=142180687100892&w=2 http://osvdb.org/72540 http://secunia.com/advisories/44677 http://secunia.com/advisories/44719 http://secunia.com/advisories/447 • CWE-189: Numeric Errors •
CVE-2010-3614 – bind: key algorithm rollover may mark secure answers as insecure
https://notcve.org/view.php?id=CVE-2010-3614
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. named en ISC BIND 9.x anteriores a 9.6.2-P3, 9.7.x anteriores a 9.7.2-P3, 9.4-ESV anteriores a 9.4-ESV-R4, y 9.6-ESV anteriores a 9.6-ESV-R3 no determina apropiadamente el status de seguridad de un NS RRset durante una renegociación ("rollover") del algoritmo DNSKEY. Lo que puede permitir a atacantes remotos provocar una denegación de servicio (error de validación DNSSEC) provocando un renegociación. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://secunia.com/advisories/42435 http://secunia.com/advisories/42459 http://secunia.com/advisories/42522 http://secunia.com/advisories/42671 http://securitytracker.com/id?1024817 http:/ • CWE-20: Improper Input Validation •
CVE-2010-0382 – bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
https://notcve.org/view.php?id=CVE-2010-0382
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y 9.7.0 beta maneja de manera inapropiada los datos de acompañamiento de una respuesta segura sin volver a consultar a la fuente original, lo que permite a atacantes remotos tener un impacto no especificado mediante una respuesta manipulada, también conocido como Bug 20819. NOTA: esta vulnerabilidad existe debido a una regresión durante la solución de CVE-2009-4022. • http://secunia.com/advisories/40086 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 http://www.debian.org/security/2010/dsa-2054 http://www.vupen.com/english/advisories/2010/0622 http://www.vupen.com/english/advisories/2010/1352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11753 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •