Page 2 of 9 results (0.002 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024. El servidor autoritativo en maraDNS hasta la versión v2.0.04 calcula los valores hash de los datos del DNS sin restringir la capacidad de obtener colisiones de hash de una forma predecible. Esto podría permitir a usuarios locales provocar una denegación de servicio (consumo de CPU) a través de registros debidamente modificados en los archivos de zona. Se trata de una vulnerabilidad diferente a CVE-2012-0024. • http://samiam.org/blog/20111229.html http://www.securitytracker.com/id?1026820 https://exchange.xforce.ibmcloud.com/vulnerabilities/72258 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. MaraDNS antes de v1.3.07.12 y v1.4.x antes de v1.4.08 calcula los valores hash de los datos del DNS sin restringir la capacidad de obtener colisiones hash de una forma predecible. Esto permite a atacantes remotos provocar una denegación de servicio (por consumo de CPU) mediante el envío de muchas consultas debidamente modificadas con el bit Recursion Desired (recursividad deseada - RD) activado. • http://openwall.com/lists/oss-security/2012/01/03/13 http://openwall.com/lists/oss-security/2012/01/03/6 http://samiam.org/blog/20111229.html https://bugzilla.redhat.com/show_bug.cgi?id=771428 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.0EPSS: 1%CPEs: 98EXPL: 0

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. • http://secunia.com/advisories/13145 http://securitytracker.com/id?1012157 http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf http://www.posadis.org/advisories/pos_adv_006.txt http://www.securityfocus.com/bid/11642 https://exchange.xforce.ibmcloud.com/vulnerabilities/17997 •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets. • http://securitytracker.com/id?1003252 http://www.securityfocus.com/bid/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/7972 •