CVE-2010-3613 – bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
https://notcve.org/view.php?id=CVE-2010-3613
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. named en ISC BIND 9.6.2 anteriores a 9.6.2-P3, 9.6-ESV anteriores a 9.6-ESV-R3, y 9.7.x anteriores a 9.7.2-P3 no maneja apropiadamente la combinación de respuestas negativas firmadas y los correspondientes registros RRSIG en la caché. Lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición de datos de la caché. • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://marc.info/?l=bugtraq&m=130270720601677&w=2 http://secunia.com/advisories/42374 http://secunia.com • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-3614 – bind: key algorithm rollover may mark secure answers as insecure
https://notcve.org/view.php?id=CVE-2010-3614
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. named en ISC BIND 9.x anteriores a 9.6.2-P3, 9.7.x anteriores a 9.7.2-P3, 9.4-ESV anteriores a 9.4-ESV-R4, y 9.6-ESV anteriores a 9.6-ESV-R3 no determina apropiadamente el status de seguridad de un NS RRset durante una renegociación ("rollover") del algoritmo DNSKEY. Lo que puede permitir a atacantes remotos provocar una denegación de servicio (error de validación DNSSEC) provocando un renegociación. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://secunia.com/advisories/42435 http://secunia.com/advisories/42459 http://secunia.com/advisories/42522 http://secunia.com/advisories/42671 http://securitytracker.com/id?1024817 http:/ • CWE-20: Improper Input Validation •
CVE-2010-3762 – Bind: DoS (assertion failure) via a DNS query with bad signatures
https://notcve.org/view.php?id=CVE-2010-3762
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. ISC BIND antes de su versión v9.7.2-P2, cuando la validación DNSSEC está habilitada, no controla correctamente ciertas firmas incorrectas si existen múltiples puntos confianza para una sola zona, lo que permite a atacantes remotos provocar una denegación de servicio (bloqueo del demonio) a través de una consulta DNS. • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://support.avaya.com/css/P8/documents/100124923 http://www.debian.org/security/2010/dsa-2130 http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 http://www.redhat.com/support/errata/RHSA-2010-0976.html http://www.securityfocus.com/archive/1/516909/100/0/threaded http://www.securityfocus.com/bid/45385 http:/ • CWE-20: Improper Input Validation •
CVE-2010-0218
https://notcve.org/view.php?id=CVE-2010-0218
ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. ISC BIND v9.7.2 a v9.7.2-P1 utiliza una ACL incorrecta para restringir la capacidad de las queries de Recursividad Deseada (RD) de acceder a la caché, lo que permite obtener información sensible a atacantes remotos a través de una consulta DNS. • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html http://www.kb.cert.org/vuls/id/784855 https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0213
https://notcve.org/view.php?id=CVE-2010-0213
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. BIND v9.7.1 y v9.7.1-P1, cuando un servidor de validación recursivo tiene un identificador de confianza que es configurado estáticamente o a través de DNSSEC Lookaside Validation (DLV), permite a atacantse causar una denegación de servicio (bucle infinito) a través de una petición para un registro RRSIG cuya respuesta no está en la caché, lo que causa en BIND el envío repetivamente de peticiones RRSI a los servidores de autorización. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://secunia.com/advisories/40652 http://secunia.com/advisories/40709 http://www.isc.org/software/bind/advisories/cve-2010-0213 http://www.kb.cert.org/vuls/id/211905 http://www.securityfocus.com/bid/41730 http://www.securitytracker.com/id?1024217 http://www.vupen.com/english/advisories/2010/1884 • CWE-19: Data Processing Errors •