CVE-2015-1349 – bind: issue in trust anchor management can cause named to crash
https://notcve.org/view.php?id=CVE-2015-1349
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions.
• http://advisories.mageia.org/MGASA-2015-0082.html
• http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
• http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html
• http:/
• CWE-391: Unchecked Error Condition
• CWE-399: Resource Management Errors
CVE-2014-8680
https://notcve.org/view.php?id=CVE-2014-8680
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
• http://security.gentoo.org/glsa/glsa-201502-03.xml
• https://kb.isc.org/article/AA-01217
• https://security.netapp.com/advisory/ntap-20190730-0002
• CWE-20: Improper Input Validation
• CWE-284: Improper Access Control
CVE-2014-8500 – bind: delegation handling denial of service
https://notcve.org/view.php?id=CVE-2014-8500
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.
• http://advisories.mageia.org/MGASA-2014-0524.html
• http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
• http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676
• http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html
• http://lists
• CWE-399: Resource Management Errors
• CWE-400: Uncontrolled Resource Consumption
CVE-2014-3859
https://notcve.org/view.php?id=CVE-2014-3859
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
• http://secunia.com/advisories/58946
• http://www.securityfocus.com/bid/68193
• http://www.securitytracker.com/id/1030414
• https://kb.isc.org/article/AA-01166
• https://kb.isc.org/article/AA-01171
• CWE-20: Improper Input Validation
CVE-2014-3214
https://notcve.org/view.php?id=CVE-2014-3214
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.
• http://security.gentoo.org/glsa/glsa-201502-03.xml
• http://www.securitytracker.com/id/1030214
• https://kb.isc.org/article/AA-01161
• CWE-20: Improper Input Validation