CVSS: 4.3EPSS: 97%CPEs: 92EXPL: 0CVE-2007-0494 – BIND dnssec denial of service
https://notcve.org/view.php?id=CVE-2007-0494
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. ISC BIND 9.0.x, 9.1.x, 9.2.0 hasta la versión 9.2.7, 9.3.0 hasta la versión 9.3.3, 9.4.0a1 hasta la versión 9.4.0a6, 9.4.0b1 hasta la versión 9.4.0b4, 9.4.0rc1 y 9.5.0a1 (solo Bind Forum) permite a atacantes remotos provocar una denegación de servicio (salida) a través de la respuesta a una consulta DNS tipo * (ANY) que contiene múltiples RRsets, lo que desencadena un error de aserción, también conocido como la vulnerabilidad "DNSSEC Validation". • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://docs.info.apple.com/article.html?artnum=305530 http://fedoranews.org/cms/node/2507 http://fedoranews.org/cms/node/2537 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://lists.grok.org.uk/pipermail/ • CWE-19: Data Processing Errors •
CVSS: 5.0EPSS: 20%CPEs: 11EXPL: 0CVE-2006-4096
https://notcve.org/view.php?id=CVE-2006-4096
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de una inundación de preguntas recurrentes, que causan una fallo de INSIST cuando se recibe la respuesta después de que la cola recursiva esté vacía. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21790 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://s •
CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 0CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories&#x • CWE-617: Reachable Assertion •
CVSS: 5.0EPSS: 88%CPEs: 1EXPL: 0CVE-2006-3122
https://notcve.org/view.php?id=CVE-2006-3122
The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid." La función supersede_lease en memory.c de ISC DHCP (dhcpd) server 2.0p15 permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) mediante un paquete DHCPDISCOVER con un identificador de cliente de 32 bytes, lo que provoca que el paquete sea interpretado como un uid corrupto y provoca que el server se cierre con un mensaje "corrupt lease uid". • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380273 http://secunia.com/advisories/21345 http://secunia.com/advisories/21363 http://secunia.com/advisories/21655 http://securitytracker.com/id?1016755 http://www.debian.org/security/2006/dsa-1143 http://www.openbsd.org/errata.html#dhcpd http://www.securityfocus.com/bid/19348 http://www.vupen.com/english/advisories/2006/3158 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 8%CPEs: 13EXPL: 0CVE-2006-2073
https://notcve.org/view.php?id=CVE-2006-2073
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. • http://secunia.com/advisories/19808 http://securitytracker.com/id?1015993 http://www.kb.cert.org/vuls/id/955777 http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en http://www.securityfocus.com/bid/17692 http://www.vupen.com/english/advisories/2006/1505 http://www.vupen.com/english/advisories/2006/1537 https://exchange.xforce.ibmcloud.com/vulnerabilities/26081 •