CVE-2016-1284
https://notcve.org/view.php?id=CVE-2016-1284
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. rdataset.c en ISC BIND 9 Supported Preview Edition 9.9.8-S en versiones anteriores a 9.9.8-S5, cuando la redirección nxdomain está habilitada, permite a atacantes remotos causar una denegación de servicio (error de aserción REQUIRE y salida de demonio) a través de valores de indicadores manipulados en una consulta. • http://www.securitytracker.com/id/1034935 https://kb.isc.org/article/AA-01348 https://kb.isc.org/article/AA-01438 • CWE-20: Improper Input Validation •
CVE-2015-8705
https://notcve.org/view.php?id=CVE-2015-8705
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. buffer.c en named en ISC BIND 9.10.x en versiones anteriores a 9.10.3-P3, cuando inicio de sesión depurado está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción REQUIRE y salida del demonio, o caída del demonio) o posiblemente tener otro impacto no especificado a través de (1) datos OPT o (2) una opción ECS. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.securityfocus.com/bid/81314 http://www.securitytracker.com/id/1034740 https://kb.isc.org/article/AA-01336 https://kb.isc.org/article/AA-01380 https://security.gentoo.org/glsa/201610-07 • CWE-20: Improper Input Validation •
CVE-2015-8704 – bind: specific APL data could trigger an INSIST in apl_42.c
https://notcve.org/view.php?id=CVE-2015-8704
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. apl_42.c en ISC BIND 9.x en versiones anteriores a 9.9.8-P3, 9.9.x y 9.10.x en versiones anteriores a 9.10.3-P3 permite a usuarios remotos autenticados provocar una denegación de servicio (fallo de la afirmación INSIST y salida de demonio) a través de un registro Address Prefix List (APL) mal formado. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178045.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175973.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html http://lists.opensuse.org/opensuse-secu • CWE-20: Improper Input Validation •
CVE-2015-8461
https://notcve.org/view.php?id=CVE-2015-8461
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. Condición de carrera en resolver.c en named en ISC BIND 9.9.8 en versiones anteriores a 9.9.8-P2 y 9.10.3 en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción INSIST y salida del demonio) a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html http://www.securityfocus.com/bid/79347 http://www.securitytracker.com/id/1034419 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 https://kb.isc.org/article/AA-01319 https://kb.isc.org/article/AA-01380 https://kb.isc.org/article/AA-01438 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-8000 – bind: responses with a malformed class attribute can trigger an assertion failure in db.c
https://notcve.org/view.php?id=CVE-2015-8000
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html http://lists.opensuse.org/opensuse-se • CWE-20: Improper Input Validation •