Page 4 of 22 results (0.008 seconds)

CVSS: 5.0EPSS: 6%CPEs: 21EXPL: 0

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. BIND 8.x a 8.3.3 permite a atacantes remotos causar una denegación de servicio (caída) mediante elementos registro de recurso (RR) SIG con fecha de expiració inválida, que son eliminados de la la base de datos interna de BIND y luego causan una desreferencia a nulo. • http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html http://marc.info/?l=bugtraq&m=103713117612842&w=2 http://marc.info/?l=bugtraq&m=103763574715133&w=2 http://online.securityfocus.com/advisories/4999 http://online.securityfocus.com/archive/1/300019 http://www.cert.org/advisories/CA-2002-31.html http://www.ciac.org/ •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. • http://www.osvdb.org/5609 http://xforce.iss.net/alerts/advise78.php https://exchange.xforce.ibmcloud.com/vulnerabilities/6694 • CWE-276: Incorrect Default Permissions •

CVSS: 10.0EPSS: 18%CPEs: 10EXPL: 4

Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. • https://www.exploit-db.com/exploits/277 https://www.exploit-db.com/exploits/282 https://www.exploit-db.com/exploits/279 https://www.exploit-db.com/exploits/280 http://www.cert.org/advisories/CA-2001-02.html http://www.debian.org/security/2001/dsa-026 http://www.nai.com/research/covert/advisories/047.asp http://www.redhat.com/support/errata/RHSA-2001-007.html http://www.securityfocus.com/bid/2302 •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. • http://www.cert.org/advisories/CA-2001-02.html http://www.debian.org/security/2001/dsa-026 http://www.nai.com/research/covert/advisories/047.asp http://www.redhat.com/support/errata/RHSA-2001-007.html http://www.securityfocus.com/bid/2321 •

CVSS: 5.0EPSS: 10%CPEs: 1EXPL: 2

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." • https://www.exploit-db.com/exploits/20388 http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067 http://www.cert.org/advisories/CA-2000-20.html http://www.debian.org/security/2000/20001112 http://www. •