CVE-2015-5722 – bind: malformed DNSSEC key failed assertion denial of service
https://notcve.org/view.php?id=CVE-2015-5722
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. Vulnerabilidad en buffer.c en nombrado en ISC BIND 9.x en versiones anteriores a 9.9.7-P3 y 9.10.x en versiones anteriores a 9.10.2-P4, permite a atacantes remotos causar una denegación de servicio (error de aserción y salida del demonio) mediante la creación de una zona de contención, una clave DNSSEC mal formada y la emisión de una consulta para un nombre en esa zona. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html http://lists.opensuse.org/op • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2015-5477 – ISC BIND 9 - TKEY Remote Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-5477
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. Vulnerabilidad identificada en ISC BIND 9.x en versiones anteriores a 9.9.7-P2 y 9.10.x en versiones anteriores a 9.10.2-P3, permite a atacantes remotos causar una denegación de servicio (fallo en la comprobación de REQUIRE y salida del demonio) a través de consultas TKEY. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. • https://www.exploit-db.com/exploits/37723 https://www.exploit-db.com/exploits/37721 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html http://lists.opensuse.org/opensuse-se • CWE-19: Data Processing Errors CWE-617: Reachable Assertion •
CVE-2014-8500 – bind: delegation handling denial of service
https://notcve.org/view.php?id=CVE-2014-8500
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. ISC BIND 9.0.x hasta 9.8.x, 9.9.0 hasta 9.9.6, y 9.10.0 hasta 9.10.1 no limita el encadenamiento de la delegación, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída del nombrado) a través de un número grande o infinito de referencias. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. • http://advisories.mageia.org/MGASA-2014-0524.html http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676 http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html http://lists • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2012-5166 – bind: Specially crafted DNS data can cause a lockup in named
https://notcve.org/view.php?id=CVE-2012-5166
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. ISC BIND v9.x antes de v9.7.6-P4, v9.8.x antes de v9.8.3-P4, v9.9.x antes de v9.9.1-P4, y v9.4-ESV y 9.6-ESV antes de v9.6-ESV-R7-P, permite a atacantes remotos provocar una denegación de servicio a través de combinaciones no especificadas de registros de recursos. • http://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090346.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090491.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090586.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce • CWE-189: Numeric Errors •
CVE-2012-4244 – bind: specially crafted resource record causes named to exit
https://notcve.org/view.php?id=CVE-2012-4244
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. ISC BIND v9.x antes de v9.7.6-P3, v9.8.x antes de v9.8.3-P3, v9.9.x antes de v9.9.1-P3, y v9.4-ESV y v9.6-ESV antes de v9.6-ESV-R7-P3 permite provocar una denegación de servicio (error de aserción y salida de demonio) a atacantes remotos a través de una consulta para un registro de recursos demasiado largo. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html http://lists.opensuse.org/opensuse-security& •