CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories • CWE-617: Reachable Assertion •
CVE-2006-2073
https://notcve.org/view.php?id=CVE-2006-2073
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. • http://secunia.com/advisories/19808 http://securitytracker.com/id?1015993 http://www.kb.cert.org/vuls/id/955777 http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en http://www.securityfocus.com/bid/17692 http://www.vupen.com/english/advisories/2006/1505 http://www.vupen.com/english/advisories/2006/1537 https://exchange.xforce.ibmcloud.com/vulnerabilities/26081 •
CVE-2006-0987 – DNS Amplification Scanner
https://notcve.org/view.php?id=CVE-2006-0987
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. • http://dns.measurement-factory.com/surveys/sum1.html http://kb.isc.org/article/AA-00269 http://www.securityfocus.com/archive/1/426368/100/0/threaded http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf - •
CVE-2006-0527
https://notcve.org/view.php?id=CVE-2006-0527
BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. • http://attrition.org/pipermail/vim/2006-February/000551.html http://computerworld.com/networkingtopics/networking/story/0%2C10801%2C103744%2C00.html http://secunia.com/advisories/18690 http://securityreason.com/securityalert/438 http://securityreason.com/securityalert/748 http://securitytracker.com/id?1015551 http://securitytracker.com/id?1015606 http://www.osvdb.org/22888 http://www.securityfocus.com/archive/1/425083/100/0/threaded http://www.securityfocus.com/bid/16455 http://www.vupen& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-0034
https://notcve.org/view.php?id=CVE-2005-0034
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. • http://secunia.com/advisories/14008 http://securitytracker.com/id?1012995 http://www.isc.org/index.pl?/sw/bind/bind-security.php http://www.isc.org/index.pl?/sw/bind/bind9.php http://www.kb.cert.org/vuls/id/938617 http://www.securityfocus.com/bid/12365 http://www.trustix.org/errata/2005/0003 http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19062 •