CVSS: 7.8EPSS: 6%CPEs: 94EXPL: 0CVE-2012-3817 – bind: heavy DNSSEC validation load can cause assertion failure
https://notcve.org/view.php?id=CVE-2012-3817
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. ISC BIND v9.4.x, v9.5.x, v9.6.x, v9.7.x, y antes de v9.7.6-P2; v9.8.x antes de v9.8.3-P2; v9.9.x antes de v9.9.1-P2, y v9.6-ESV antes v9.6-ESV-vR7-P2, cuando está habilitada la validación DNSSEC, no inicializar correctamente la caché no-query, que permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida demonio) mediante el envío de muchas consultas. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.opensuse.org/opensuse-updates/2012-08/msg00013.html http://lists.opensuse.org/opensuse-updates/2012-08/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-1122.html http://rhn.redhat.com/errata/RHSA-2012-1123.html http://secunia.com/advisories/51096 http://support.apple.com/kb/HT5880 http://www.debian.org/security/2012/dsa-2517 http://www.securitytracker.com/id?1027296 http://www.sla • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3868
https://notcve.org/view.php?id=CVE-2012-3868
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. Condición de carrera en la estructura de gestión ns_client en ISC BIND v9.9.x anterior a v9.9.1-P2 permite a atacantes remotos causar una denegación de servicio (consumo de memoria o la salida del proceso) a través de un gran volumen de consultas TCP. • http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 https://kb.isc.org/article/AA-00730 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.3EPSS: 3%CPEs: 46EXPL: 0CVE-2012-3954 – dhcp: two memory leaks may result in DoS
https://notcve.org/view.php?id=CVE-2012-3954
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Múltiples fugas de memoria en ISC DHCP 4.1.x y 4.2.x anterior a 4.2.4-P1 y 4.1-ESV anterior a 4.1-ESV-R6, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante el envío de multitud de peticiones. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2012-1141.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2516 http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 http://www.mandriva.com/security/advisories?name=MDVSA-2012:116 http://www.securityfocus.com/bid/54665 http://www.securitytracker.com/id?1027300 http://w • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.7EPSS: 22%CPEs: 17EXPL: 0CVE-2012-3570
https://notcve.org/view.php?id=CVE-2012-3570
Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter. Un desbordamiento de búfer en ISC DHCP v4.2.x antes de v4.2.4-P1, cuando el modo DHCPv6 está habilitado, permite a atacantes remotos causar una denegación de servicio (fallo de segmentación y parada del demonio) a través de un parámetro "identificador de cliente" modificado para tal fin. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:115 http://www.securityfocus.com/bid/54665 https://kb.isc.org/article/AA-00714 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.5EPSS: 90%CPEs: 256EXPL: 0CVE-2012-1667 – bind: handling of zero length rdata can cause named to terminate unexpectedly
https://notcve.org/view.php?id=CVE-2012-1667
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. ISC BIND v9.x antes de v9.7.6-P1, v9.8.x antes de v9.8.3-P1, v9.9.x antes de v9.9.1-P1, y v9.4-ESV antes de 9.6-ESV-R7-P1 no gestionan adecuadamente los registros de recursos con una sección RDATA de longitud cero, lo que permite a los servidores DNS remotos provocar una denegación de servicio (caída del demonio o corrupción de datos) u obtener información sensible de la memoria del proceso a través de un registro específicamente diseñado para este fin. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00010.html http://marc.info/?l=bugtraq&m=134132772016230&w=2 http://rhn.redhat.com/errata/RHSA-2012-0717.html http://rhn.redhat.com/errata/RHSA-2012-1110.html http://secunia.com/advisories/51096 http://support.apple.com/kb/HT5501 http://www.debian.org/security/2012&#x • CWE-189: Numeric Errors •