CVSS: 7.5EPSS: 93%CPEs: 18EXPL: 0CVE-2002-0029
https://notcve.org/view.php?id=CVE-2002-0029
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. Desbordamientos de búfer en la libreria de resolución de raíz DNS en ISC BIND 4.9.2 a 4.9.10, y otras librerías derivadas como BSD libc y GNU libc, permite a atacantes remotos ejecutar código arbitrario mediante respuestas de servidor DNS que disparan el desbordamiento en las funciones getnetbyname() y getnetbyaddr(). También conocidad como "LIBRESOLV:desbordamiento de búfer. Es una vulnerabilidad distinta de CAN-2002-0684. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html http://www.cert.org/advisories/CA-2002-31.html http://www.isc.org/products/BIND/bind-security.html http://www.iss.net/security_center/static/10624.php http://www.kb.cert.org/vuls/id/844360 http://www.securityfocus.com/bid/6186 https://access.redhat&# •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0497
https://notcve.org/view.php?id=CVE-2001-0497
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. • http://www.osvdb.org/5609 http://xforce.iss.net/alerts/advise78.php https://exchange.xforce.ibmcloud.com/vulnerabilities/6694 • CWE-276: Incorrect Default Permissions •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 3CVE-1999-1499 – ISC BIND 4.9.7 -T1B - named SIGINT / SIGIOT Symlink
https://notcve.org/view.php?id=CVE-1999-1499
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. • https://www.exploit-db.com/exploits/19072 http://www.securityfocus.com/archive/1/8966 http://www.securityfocus.com/bid/80 •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-1999-0011
https://notcve.org/view.php?id=CVE-1999-0011
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. • ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083 •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-1999-0010
https://notcve.org/view.php?id=CVE-1999-0010
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. • ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083 •