Page 30 of 230 results (0.024 seconds)

CVSS: 4.0EPSS: 1%CPEs: 26EXPL: 0

CVE-2010-3613 – bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named

https://notcve.org/view.php?id=CVE-2010-3613

named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. named en ISC BIND 9.6.2 anteriores a 9.6.2-P3, 9.6-ESV anteriores a 9.6-ESV-R3, y 9.7.x anteriores a 9.7.2-P3 no maneja apropiadamente la combinación de respuestas negativas firmadas y los correspondientes registros RRSIG en la caché. Lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición de datos de la caché. • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://marc.info/?l=bugtraq&m=130270720601677&w=2 http://secunia.com/advisories/42374 http://secunia.com • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.4EPSS: 2%CPEs: 236EXPL: 0

CVE-2010-3614 – bind: key algorithm rollover may mark secure answers as insecure

https://notcve.org/view.php?id=CVE-2010-3614

named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. named en ISC BIND 9.x anteriores a 9.6.2-P3, 9.7.x anteriores a 9.7.2-P3, 9.4-ESV anteriores a 9.4-ESV-R4, y 9.6-ESV anteriores a 9.6-ESV-R3 no determina apropiadamente el status de seguridad de un NS RRset durante una renegociación ("rollover") del algoritmo DNSKEY. Lo que puede permitir a atacantes remotos provocar una denegación de servicio (error de validación DNSSEC) provocando un renegociación. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://secunia.com/advisories/42435 http://secunia.com/advisories/42459 http://secunia.com/advisories/42522 http://secunia.com/advisories/42671 http://securitytracker.com/id?1024817 http:/ • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 6%CPEs: 17EXPL: 0

CVE-2010-3611 – dhcp: NULL pointer dereference crash via crafted DHCPv6 packet

https://notcve.org/view.php?id=CVE-2010-3611

ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. ISC DHCP server v4.0 anterior a v4.0.2, v4.1 anterior a v4.1.2, y v4.2 anterior a v4.2-P1 permite a atacantes remotos causar una denegación de servicio (caída) a través de un paquete DHCPv6 contiendo un mensaje Relay-Forward sin una dirección en el campo de dirección de enlace Relay-Forward • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050766.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051287.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://osvdb.org/68999 http://secunia.com/advisories/42082 http://secunia.com/advisories/42345 http://secunia.com/advisories/42407 http://www.isc.org/software/dhcp/advisories/cve-2010-3611 http://www.kb.cert.org/vuls/id/102047 http://www.mandri • CWE-476: NULL Pointer Dereference •

CVSS: 4.3EPSS: 7%CPEs: 1EXPL: 0

CVE-2010-3762 – Bind: DoS (assertion failure) via a DNS query with bad signatures

https://notcve.org/view.php?id=CVE-2010-3762

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. ISC BIND antes de su versión v9.7.2-P2, cuando la validación DNSSEC está habilitada, no controla correctamente ciertas firmas incorrectas si existen múltiples puntos confianza para una sola zona, lo que permite a atacantes remotos provocar una denegación de servicio (bloqueo del demonio) a través de una consulta DNS. • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html http://lists.vmware.com/pipermail/security-announce/2011/000126.html http://support.avaya.com/css/P8/documents/100124923 http://www.debian.org/security/2010/dsa-2130 http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 http://www.redhat.com/support/errata/RHSA-2010-0976.html http://www.securityfocus.com/archive/1/516909/100/0/threaded http://www.securityfocus.com/bid/45385 http:/ • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2010-0218

https://notcve.org/view.php?id=CVE-2010-0218

ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. ISC BIND v9.7.2 a v9.7.2-P1 utiliza una ACL incorrecta para restringir la capacidad de las queries de Recursividad Deseada (RD) de acceder a la caché, lo que permite obtener información sensible a atacantes remotos a través de una consulta DNS. • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html http://www.kb.cert.org/vuls/id/784855 https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html • CWE-264: Permissions, Privileges, and Access Controls •