CVSS: 7.8EPSS: 8%CPEs: 278EXPL: 0CVE-2012-5166 – bind: Specially crafted DNS data can cause a lockup in named
https://notcve.org/view.php?id=CVE-2012-5166
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. ISC BIND v9.x antes de v9.7.6-P4, v9.8.x antes de v9.8.3-P4, v9.9.x antes de v9.9.1-P4, y v9.4-ESV y 9.6-ESV antes de v9.6-ESV-R7-P, permite a atacantes remotos provocar una denegación de servicio a través de combinaciones no especificadas de registros de recursos. • http://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090346.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090491.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090586.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2012-3523
https://notcve.org/view.php?id=CVE-2012-3523
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. La implementación STARTTLS en nnrpd en INN antes de v2.5.3 no restringe correctamente el búfer de E/S, lo que permite a atacantes man-in-the-middle introducir comandos en sesiones cifradas mediante el envío de un comando en texto plano que se procesa después de se establezca el TLS, relacionado con un ataque de "inyección de comando en texto claro", un problema similar a CVE-2011-0411. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html http://secunia.com/advisories/50661 http://www.mandriva.com/security/advisories?name=MDVSA-2012:156 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 2%CPEs: 31EXPL: 0CVE-2012-3955 – dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
https://notcve.org/view.php?id=CVE-2012-3955
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. ISC DHCP v4.1-4.1.x antes de v4.1-ESV-R7 y v4.2.x antes de v4.2.4-P2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) en determinadas circunstancias mediante el establecimiento de un 'lease' IPv6 en un entorno donde la expiración del leasing es posteriormente reducida. A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086992.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088220.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00088.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00103.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00105.html http://rhn.redhat.com/errata/RHSA-2013-0504.html http://s •
CVSS: 7.8EPSS: 29%CPEs: 278EXPL: 0CVE-2012-4244 – bind: specially crafted resource record causes named to exit
https://notcve.org/view.php?id=CVE-2012-4244
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. ISC BIND v9.x antes de v9.7.6-P3, v9.8.x antes de v9.8.3-P3, v9.9.x antes de v9.9.1-P3, y v9.4-ESV y v9.6-ESV antes de v9.6-ESV-R7-P3 permite provocar una denegación de servicio (error de aserción y salida de demonio) a atacantes remotos a través de una consulta para un registro de recursos demasiado largo. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html http://lists.opensuse.org/opensuse-security& •
CVSS: 6.1EPSS: 7%CPEs: 33EXPL: 1CVE-2012-3571 – ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3571
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegación de servicio (bucle infinito y excesivo consumo de CPU) a través de un identificador de cliente con formato incorrecto. • https://www.exploit-db.com/exploits/37538 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1140.html http://rhn.redhat.com/errata/RHSA-2012-1141.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2516 http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •