Page 11 of 57 results (0.008 seconds)

CVSS: 5.4EPSS: 6%CPEs: 92EXPL: 0

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. named en ISC BIND 9.7.0 hasta 9.9.6 anterior a 9.9.6-P2 y 9.10.x anterior a 9.10.1-P2, cuando la característica de la validación DNSSEC y de las claves gestionadas está habilitada, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida del demonio, o caída del demonio) mediante la provocación de un escenario de gestión de identificadores de confianza (trust-anchor) incorrecto en que no haya clave lista para su uso. A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions. • http://advisories.mageia.org/MGASA-2015-0082.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html http:/ • CWE-391: Unchecked Error Condition CWE-399: Resource Management Errors •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. La funcionalidad GeoIP en ISC BIND 9.10.0 hasta 9.10.1 permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida nombrada) a través de vectores relacionados con (1) la falta de bases de datos GeoIP para IPv4 y IPv6, o (2) el soporte IPv6 con ciertas opciones. • http://security.gentoo.org/glsa/glsa-201502-03.xml https://kb.isc.org/article/AA-01217 https://security.netapp.com/advisory/ntap-20190730-0002 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 83%CPEs: 63EXPL: 0

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. ISC BIND 9.0.x hasta 9.8.x, 9.9.0 hasta 9.9.6, y 9.10.0 hasta 9.10.1 no limita el encadenamiento de la delegación, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída del nombrado) a través de un número grande o infinito de referencias. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. • http://advisories.mageia.org/MGASA-2014-0524.html http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676 http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html http://lists&# • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv. libdns en ISC BIND 9.10.0 anterior a P2 no maneja debidamente las opciones EDNS, lo que permite a atacantes remotos causar una denegación de servicio (fallo de aserción REQUIRE y salida de demonio) a través de un paquete manipulado, tal y como fue demostrado por un ataque contra 'named', 'dig' o 'delv'. • http://secunia.com/advisories/58946 http://www.securityfocus.com/bid/68193 http://www.securitytracker.com/id/1030414 https://kb.isc.org/article/AA-01166 https://kb.isc.org/article/AA-01171 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. La implementación Prefetch en named en ISC BIND 9.10.0, cuando un servidor de nombres recursivo está habilitado, permite a atacantes remotos causar una denegación de servicio (fallo de aserción REQUIRE y salida de demonio) a través de una consulta DNS que provoca una respuesta con atributos no especificados. • http://security.gentoo.org/glsa/glsa-201502-03.xml http://www.securitytracker.com/id/1030214 https://kb.isc.org/article/AA-01161 • CWE-20: Improper Input Validation •