CVSS: 6.8EPSS: 17%CPEs: 228EXPL: 0CVE-2016-1285 – bind: malformed packet sent to rndc can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente la recuperación de mensajes contestados, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un paquete mal formado en la interfaz rndc (también conocido como canal de control), relacionado con alist.c y sexpr.c. A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html http://lists.opensuse.org/opensuse- • CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 73%CPEs: 228EXPL: 0CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, relacionada con db.c y resolver.c. A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html http://lists.opensuse.org/opensuse- • CWE-617: Reachable Assertion •
CVSS: 6.8EPSS: 83%CPEs: 29EXPL: 0CVE-2016-2088
https://notcve.org/view.php?id=CVE-2016-2088
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. resolver.c en named en ISC BIND 9.10.x en versiones anteriores a 9.10.3-P4, cuando las cookies DNS están habilitadas, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción INSIST y salida de demonio) a través de un paquete mal formado con más de una opción de cookie. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://www.securityfocus.com/bid/84290 http://www.securitytracker.com/id/1035238 https://kb.isc.org/article/AA-01351 https://kb.isc.org/article/AA-01380 https://security.gentoo.org/glsa/201610-07 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1284
https://notcve.org/view.php?id=CVE-2016-1284
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. rdataset.c en ISC BIND 9 Supported Preview Edition 9.9.8-S en versiones anteriores a 9.9.8-S5, cuando la redirección nxdomain está habilitada, permite a atacantes remotos causar una denegación de servicio (error de aserción REQUIRE y salida de demonio) a través de valores de indicadores manipulados en una consulta. • http://www.securitytracker.com/id/1034935 https://kb.isc.org/article/AA-01348 https://kb.isc.org/article/AA-01438 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 4%CPEs: 59EXPL: 0CVE-2015-8705
https://notcve.org/view.php?id=CVE-2015-8705
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. buffer.c en named en ISC BIND 9.10.x en versiones anteriores a 9.10.3-P3, cuando inicio de sesión depurado está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción REQUIRE y salida del demonio, o caída del demonio) o posiblemente tener otro impacto no especificado a través de (1) datos OPT o (2) una opción ECS. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.securityfocus.com/bid/81314 http://www.securitytracker.com/id/1034740 https://kb.isc.org/article/AA-01336 https://kb.isc.org/article/AA-01380 https://security.gentoo.org/glsa/201610-07 • CWE-20: Improper Input Validation •