Page 4 of 57 results (0.005 seconds)

CVSS: 7.5EPSS: 5%CPEs: 28EXPL: 1

CVE-2017-3143 – An error in TSIG authentication can permit unauthorized dynamic updates

https://notcve.org/view.php?id=CVE-2017-3143

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. Un atacante que pueda enviar y recibir mensajes a un servidor DNS autoritativo y que conozca un nombre de clave TSIG válido para la zona y el servicio objetivos podría ser capaz de manipular BIND para que acepte una actualización dinámica no autorizada. Afecta a BIND desde la versión 9.4.0 hasta la versión 9.8.8, desde la versión 9.9.0 hasta la versión 9.9.10-P1, desde la versión 9.10.0 hasta la versión 9.10.5-P1, desde la versión 9.11.0 hasta la versión 9.11.1-P1, desde la versión 9.9.3-S1 hasta la versión 9.9.10-S2 y desde la versión 9.10.5-S1 hasta la versión 9.10.5-S2. A flaw was found in the way BIND handled TSIG authentication for dynamic updates. • https://github.com/saaph/CVE-2017-3143 http://www.securityfocus.com/bid/99337 http://www.securitytracker.com/id/1038809 https://access.redhat.com/errata/RHSA-2017:1679 https://access.redhat.com/errata/RHSA-2017:1680 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us https://kb.isc.org/docs/aa-01503 https://security.netapp.com/advisory/ntap-20190830-0003 https://www.debian.org/security/2017/dsa-3904 https://access.redhat • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 20%CPEs: 33EXPL: 0

CVE-2017-3135 – Combination of DNS64 and RPZ Can Lead to Crash

https://notcve.org/view.php?id=CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. En ciertas condiciones, al emplear DNS64 y RPZ para rescribir respuestas a consultas, el procesamiento de consultas puede continuar de forma inconsistente, lo que puede conducir a un fallo de aserción de INSIST o a un intento para leer a través de un puntero NULL. Afecta a BIND en su versión 9.8.8, desde la versión 9.9.3-S1 hasta la 9.9.9-S7, desde la versión 9.9.3 hasta la 9.9.9-P5, la versión 9.9.10b1, desde la versión 9.10.0 hasta la 9.10.4-P5, la versión 9.10.5b1, desde la versión 9.11.0 hasta la 9.11.0-P2 y a la versión 9.11.1b1. A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. • http://rhn.redhat.com/errata/RHSA-2017-0276.html http://www.securityfocus.com/bid/96150 http://www.securitytracker.com/id/1037801 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us https://kb.isc.org/docs/aa-01453 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https://www.debian.org/security/2017/dsa-3795 https://access.redhat.com/security/cve/CVE-2017-3135 https:/ • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 87%CPEs: 45EXPL: 0

CVE-2016-9131 – bind: assertion failure while processing response to an ANY query

https://notcve.org/view.php?id=CVE-2016-9131

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada a una query RTYPE ANY. A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2017-0062.html http://www.debian.org/security/2017/dsa-3758 http://www.securityfocus.com/bid/95386 http://www.securitytracker.com/id/1037582 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https://kb.isc.org/article/AA-01439/74/CVE-2016-9131 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https: • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 75%CPEs: 318EXPL: 0

CVE-2016-9444 – bind: assertion failure while handling an unusually-formed DS record response

https://notcve.org/view.php?id=CVE-2016-9444

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de recursos DS manipulado en una respuesta. A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2017-0062.html http://www.debian.org/security/2017/dsa-3758 http://www.securityfocus.com/bid/95393 http://www.securitytracker.com/id/1037582 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https://kb.isc.org/article/AA-01441/74/CVE-2016-9444 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https: • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 95%CPEs: 57EXPL: 0

CVE-2016-8864 – bind: assertion failure while handling responses containing a DNAME answer

https://notcve.org/view.php?id=CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P4, 9.10.x en versiones anteriores a 9.10.4-P4 y 9.11.x en versiones anteriores a 9.11.0-P1 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro DNAME en la sección de respuesta de una respuesta a una petición recursiva, relacionado con db.c y resolver.c. A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2016-2141.html http://rhn.redhat.com/errata/RHSA-2016-2142.html http://rhn.redhat.com/errata/RHSA-2016-2615.html http://rhn.redhat.com/errata/RHSA-2016-2871.html http://www.debian.org/security/2016/dsa-3703 http://www.securityfocus.com/bid/94067 http://www.securitytracker.com/id/1037156 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https:&# • CWE-617: Reachable Assertion •