Page 24 of 137 results (0.006 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. Desbordamiento de búfer en las funciones de resolución de DNS que buscan nombres de red y direcciones, como en BIND 4.9.8 y glibc 2.2.5 y anteriores, permiten que servidores DNS remotos ejecuten código arbitrario por medio de una subrutina usada por funciones tales como getnetbyname y getnetbyaddr. • http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 http://marc.info/?l=bugtraq&m=102581482511612&w=2 http://rhn.redhat.com/errata/RHSA-2002-139.html http://www.kb.cert.org/vuls/id/542971 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php https://access.redhat.com/security/cve/CVE-2002-0684 https://bugzilla.redhat.com/show_bug.cgi?id=1616795 •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. • ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39 ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I http://archives.neohapsis.com/archives/aix/2002-q3/0001.html http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html http://di •

CVSS: 5.0EPSS: 11%CPEs: 6EXPL: 0

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. • ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt http://archives.neohapsis.com/archives/hp/2002-q3/0022.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038 http://www.cert.org/advisories/CA-2002-15.html http://www.isc.org/index.pl?/sw/bind/bind-security.php http://www.iss.net/security_center/static/9250.php http://www.kb.cert.org/vuls&# •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. • http://www.osvdb.org/5609 http://xforce.iss.net/alerts/advise78.php https://exchange.xforce.ibmcloud.com/vulnerabilities/6694 • CWE-276: Incorrect Default Permissions •

CVSS: 10.0EPSS: 18%CPEs: 10EXPL: 4

Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. • https://www.exploit-db.com/exploits/277 https://www.exploit-db.com/exploits/282 https://www.exploit-db.com/exploits/279 https://www.exploit-db.com/exploits/280 http://www.cert.org/advisories/CA-2001-02.html http://www.debian.org/security/2001/dsa-026 http://www.nai.com/research/covert/advisories/047.asp http://www.redhat.com/support/errata/RHSA-2001-007.html http://www.securityfocus.com/bid/2302 •