CVE-2010-0097 – BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses
https://notcve.org/view.php?id=CVE-2010-0097
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y9.7.0 beta, no valida de manera apropiada los registros DNSSEC (1) NSEC y (2) NSEC3, lo que permite a atacantes remotos añadir el flag (bandera) Authenticated Data (AD) a una respuesta NXDOMAIN falsificada para un dominio existente. • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://marc.info/?l=bugtraq&m=127195582210247&w=2 http://secunia.com/advisories/38169 http://secunia.com/adv • CWE-20: Improper Input Validation •
CVE-2010-0290 – BIND upstream fix for CVE-2009-4022 is incomplete
https://notcve.org/view.php?id=CVE-2010-0290
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. Vulnerabilidad no especificada en ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y 9.7.0 beta, con la validación DNSSEC habilitada y el chequeo (CD) deshabilitado, permite a atacantes remotos realizar ataques de envenenamiento de cache DNS mediante la recepción de una petición recursiva de cliente y el envío de una respuesta que contiene registros (1) CNAME o (2) DNAME, los cuales no realizan la validación establecida antes de cachear, también conocida como Bug 20737. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2009-4022. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://marc.info/?l=oss-security&m=126393609503704&w=2 http://marc.info/?l=oss-security&m=126399602810086&w=2 http://secunia.com/advisories/38219 http://secunia.com/advisories/38240 http://secunia.com/advisories/40086 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 http://www.debian.org/security/2010/dsa-2054 http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 http://www.ubuntu •
CVE-2009-4022 – bind: cache poisoning using not validated DNSSEC responses
https://notcve.org/view.php?id=CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438. Vulnerabilidad no especificada en ISC BIND 9.0.x hasta la versión 9.3.x, 9.4 en versiones anteriores a 9.4.3-P4, 9.5 en versiones anteriores a 9.5.2-P1, 9.6 en versiones anteriores a 9.6.1-P2 y 9.7 beta en versiones anteriores a 9.7.0b3, con validación DNSSEC habilitada y comprobación deshabilitada (CD), permite a atacantes remotos llevar a cabo ataques de envenenamiento de la caché DNS recibiendo una consulta de cliente recursiva y enviando una respuesta que contiene una sección Additional con datos manipulados, lo cual no es manejado adecuadamente cuando la respuesta es procesada "al mismo tiempo que se solicitan registros DNSSEC (DO)", también conocida como Bug 20438. • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://osvdb.org/60493 http://secunia.com/advisories/37426 http://secunia.com/advisories/37491 http://secunia.com/advisories/38219 http://secunia.com/advisories/38240 http://secunia.com/advisories/ •
CVE-2009-0696 – ISC BIND 9 - Remote Dynamic Update Message Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-0696
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. La función dns_db_findrdataset en db.c en "named" en ISC BIND v9.4 anterior a v9.4.3-P3, v9.5 anterior a v9.5.1-P3, y v9.6 anterior a v9.6.1-P1, cuando está configurado como un servidor maestro, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de cualquier registro en la sección prerequerida de un mensaje de actualización dinámico manipulado, tal como se ha explotado en julio de 2009. • https://www.exploit-db.com/exploits/9300 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 http://secunia.com/advisories/36035 http://secunia.com/advisories/36038 http://secunia.com/advisories/36050 http://secunia.com/advisories/36053 http://secunia.com • CWE-16: Configuration •
CVE-2009-0265
https://notcve.org/view.php?id=CVE-2009-0265
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. Internet Systems Consortium (ISC) BIND en versiones 9.6.0 y anteriores no comprueba adecuadamente el valor de retorno de la función EVP_VerifyFinal de OpenSSL, lo cual permite a atacantes remotos eludir la validación del certificado a través de una firma SSL/TLS malformada, se trata de una vulnerabilidad similar a CVE-2008-5077 y CVE-2009-0025. • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://secunia.com/advisories/33559 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 http://www.mandriva.com/security/advisories?name=MDVSA-2009:037 http://www.vupen.com/english/advisories/2009/0043 https://www.isc.org/node/373 • CWE-252: Unchecked Return Value CWE-295: Improper Certificate Validation •