CVSS: 5.3EPSS: 3%CPEs: 28EXPL: 0CVE-2017-3142 – An error in TSIG authentication can permit unauthorized zone transfers
https://notcve.org/view.php?id=CVE-2017-3142
30 Jun 2017 — An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0... • http://www.securityfocus.com/bid/99339 • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 28%CPEs: 28EXPL: 1CVE-2017-3143 – An error in TSIG authentication can permit unauthorized dynamic updates
https://notcve.org/view.php?id=CVE-2017-3143
30 Jun 2017 — An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. Un atacante que pueda enviar y recibir mensajes a un servidor DNS autoritativo y que conozca un nombre de clave TSIG válido para la zona ... • https://github.com/saaph/CVE-2017-3143 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 2CVE-2017-3141 – Windows service and uninstall paths are not quoted when BIND is installed
https://notcve.org/view.php?id=CVE-2017-3141
05 Jun 2017 — The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1. El instalador de BIND en Windows emplea una ruta de servicio sin entrecomillar que puede permitir que un usuario local logre escalar privilegios si los permisos del sistema host de archivos lo permiten.... • https://packetstorm.news/files/id/142800 • CWE-428: Unquoted Search Path or Element •
CVSS: 5.9EPSS: 37%CPEs: 47EXPL: 0CVE-2017-3136 – An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
https://notcve.org/view.php?id=CVE-2017-3136
14 Apr 2017 — A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. Una consulta con un conjunto de... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 35%CPEs: 33EXPL: 0CVE-2017-3135 – Combination of DNS64 and RPZ Can Lead to Crash
https://notcve.org/view.php?id=CVE-2017-3135
16 Feb 2017 — Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. En ciertas condiciones, al emplear DNS64 y RPZ para rescribir respuestas a consultas, el procesamiento de consultas puede continuar de forma inconsistente... • http://rhn.redhat.com/errata/RHSA-2017-0276.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 8%CPEs: 9EXPL: 0CVE-2016-9778 – An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
https://notcve.org/view.php?id=CVE-2016-9778
13 Jan 2017 — An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one ... • http://www.securityfocus.com/bid/95388 • CWE-388: 7PK - Errors •
CVSS: 7.5EPSS: 63%CPEs: 45EXPL: 0CVE-2016-9131 – bind: assertion failure while processing response to an ANY query
https://notcve.org/view.php?id=CVE-2016-9131
12 Jan 2017 — named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal for... • http://rhn.redhat.com/errata/RHSA-2017-0062.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 48%CPEs: 318EXPL: 0CVE-2016-9444 – bind: assertion failure while handling an unusually-formed DS record response
https://notcve.org/view.php?id=CVE-2016-9444
12 Jan 2017 — named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de recurso... • http://rhn.redhat.com/errata/RHSA-2017-0062.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 48%CPEs: 57EXPL: 0CVE-2016-8864 – bind: assertion failure while handling responses containing a DNAME answer
https://notcve.org/view.php?id=CVE-2016-8864
01 Nov 2016 — named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P4, 9.10.x en versiones anteriores a 9.10.4-P4 y 9.11.x en versiones anteriores a 9.11.0-P1 permite a atacantes remotos provocar una denegación de servicio (fallo de as... • http://rhn.redhat.com/errata/RHSA-2016-2141.html • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 51%CPEs: 264EXPL: 0CVE-2016-2848 – bind: assertion failure triggered by a packet with malformed options
https://notcve.org/view.php?id=CVE-2016-2848
21 Oct 2016 — ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. ISC BIND 9.1.0 hasta la versión 9.8.4-P2 y 9.9.0 hasta la versión 9.9.2-P2 permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demonio) a través de datos de opciones mal formadas en un registro de recursos OPT. A denial of service flaw was found in the way BIND hand... • http://rhn.redhat.com/errata/RHSA-2016-2093.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •