Page 13 of 74 results (0.014 seconds)

CVSS: 7.8EPSS: 97%CPEs: 2EXPL: 2

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. Vulnerabilidad identificada en ISC BIND 9.x en versiones anteriores a 9.9.7-P2 y 9.10.x en versiones anteriores a 9.10.2-P3, permite a atacantes remotos causar una denegación de servicio (fallo en la comprobación de REQUIRE y salida del demonio) a través de consultas TKEY. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. • https://www.exploit-db.com/exploits/37723 https://www.exploit-db.com/exploits/37721 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html http://lists.opensuse.org/opensuse-se • CWE-19: Data Processing Errors CWE-617: Reachable Assertion •

CVSS: 7.8EPSS: 14%CPEs: 95EXPL: 0

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. name.c en named en ISC BIND 9.7.x hasta 9.9.x anterior a 9.9.7-P1 y 9.10.x anterior a 9.10.2-P2, cuando configurado como solucionador recursivo con validación DNSSEC, permite a atacantes remotos causar una denegación de servicio (fallo de aserción REQUIRE y salida de demonio) mediante la construcción de datos de zona manipulados y posteriormente la realización de una consulta de un nombre en esta zona. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162040.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162286.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html http://marc.info/?l=bugtraq&m=143740940810833&w=2 http://rhn.redhat.com/errata/RHSA-2015-1443.html http://rhn.redhat.com& • CWE-17: DEPRECATED: Code CWE-617: Reachable Assertion •

CVSS: 5.4EPSS: 6%CPEs: 92EXPL: 0

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. named en ISC BIND 9.7.0 hasta 9.9.6 anterior a 9.9.6-P2 y 9.10.x anterior a 9.10.1-P2, cuando la característica de la validación DNSSEC y de las claves gestionadas está habilitada, permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida del demonio, o caída del demonio) mediante la provocación de un escenario de gestión de identificadores de confianza (trust-anchor) incorrecto en que no haya clave lista para su uso. A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions. • http://advisories.mageia.org/MGASA-2015-0082.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html http:/ • CWE-391: Unchecked Error Condition CWE-399: Resource Management Errors •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. La funcionalidad GeoIP en ISC BIND 9.10.0 hasta 9.10.1 permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida nombrada) a través de vectores relacionados con (1) la falta de bases de datos GeoIP para IPv4 y IPv6, o (2) el soporte IPv6 con ciertas opciones. • http://security.gentoo.org/glsa/glsa-201502-03.xml https://kb.isc.org/article/AA-01217 https://security.netapp.com/advisory/ntap-20190730-0002 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 83%CPEs: 63EXPL: 0

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. ISC BIND 9.0.x hasta 9.8.x, 9.9.0 hasta 9.9.6, y 9.10.0 hasta 9.10.1 no limita el encadenamiento de la delegación, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída del nombrado) a través de un número grande o infinito de referencias. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. • http://advisories.mageia.org/MGASA-2014-0524.html http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676 http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html http://lists&# • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •