Page 27 of 230 results (0.013 seconds)

CVSS: 5.0EPSS: 1%CPEs: 72EXPL: 0

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. La resolución en ISC BIND v9 a v9.8.1-P1 no implementa una política de actualización de caché, que permite a atacantes remotos provocar resolubilidad continuada de nombres de dominio que ya no están registrados a través de un "Ghost Names exploit" • http://marc.info/?l=bugtraq&m=135638082529878&w=2 http://osvdb.org/78916 http://rhn.redhat.com/errata/RHSA-2012-0717.html http://secunia.com/advisories/47884 http://www.kb.cert.org/vuls/id/542123 http://www.securityfocus.com/bid/51898 http://www.securitytracker.com/id?1026647 https://exchange.xforce.ibmcloud.com/vulnerabilities/73053 https://hermes.opensuse.org/messages/15136456 https://hermes.opensuse.org/messages/15136477 https://www.isc.org/software/bind/advisories/ •

CVSS: 6.1EPSS: 0%CPEs: 102EXPL: 0

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update. La funcionalidad de registro en el dhcpd de ISC DHCP anterior a v4.2.3-P2, cuando se utiliza DNS dinámico (DDNS) y direcciones IPv6, no maneja correctamente la estructura de arrendamiento (lease structure) DHCPv6, permitiendo a atacantes remotos provocar una denegación de servicio (puntero a NULL y el caída del servicio) mediante paquetes especialmente elaborados en relación con una actualización lease-status. • http://security.gentoo.org/glsa/glsa-201301-06.xml https://deepthought.isc.org/article/AA-00595 https://kb.isc.org/article/AA-00705 https://www.isc.org/software/dhcp/advisories/cve-2011-4868 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 2%CPEs: 39EXPL: 0

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. dhcpd en ISC DHCP v4.x antes de v4.2.3-P1 y v4.1-ESV antes de v4.1-ESV-R4 no manipula correctamente expresiones regulares en dhcpd.conf, lo que permite a atacantes remotos provocar una denegación de servicio (caída del deminio) a través de un paquete de petición modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070980.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071549.html http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html http://secunia.com/advisories/47153 http://secunia.com/advisories/47178 http://security.gentoo.org/glsa/glsa-201301-06.xml http://www.debian.org/security/2012/dsa-2519 http://www.mandriva.com/security/advisories?name=MDVSA-2011:182 http://www.securityfocus.com/bi • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 10%CPEs: 239EXPL: 0

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. query.c en ISC BIND v9.0.x hasta v9.6.x, v9.4-ESV hasta v9.4-ESV-R5, v9.6-ESV hasta v9.6-ESV-R5, v9.7.0 hasta v9.7.4, v9.8.0 hasta v9.8.1, y v9.9.0a1 hasta v9.9.0b1, permite a atacantes remotos provocar una denegación de servicio a través de vectores relacionados con peticiones DNS recursivas, errores de registro, y la captura de un registro inválido por el 'resolver'. • http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069463.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069975.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html http://lists.opensuse.org/opensuse-security-announce •

CVSS: 7.8EPSS: 96%CPEs: 92EXPL: 0

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. El servidor en ISC DHCP v3.x y v4.x anterior a v4.2.2, v3.1-ESV anterior a v3.1-ESV-R3, y v4.1-ESV anterior a v4.1-ESV-R3 permite a atacantes remotos provocar una denegación de servicio (salida de demonio) a través de un paquete DHCP manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html http://redmine.pfsense.org/issues/1888 http://secunia.com/advisories/45582 http://secunia.com/advisories/45595 http://secunia.com/advisories/45629 http://secunia.com/advisories/45639 http://secunia.com/advisories/45817 http://secunia.com/advisories/45918 http://secunia.com • CWE-20: Improper Input Validation •