CVSS: 7.5EPSS: 93%CPEs: 238EXPL: 0CVE-2011-1910 – bind: Large RRSIG RRsets and Negative Caching can crash named
https://notcve.org/view.php?id=CVE-2011-1910
31 May 2011 — Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. Error de superación de límite (off-by-one) en named de ISC BIND 9.x anteriores a 9.7.3-P1, 9.8.x anteriores a 9.8.0-P2, 9.4-ESV anteriores a 9.4-ESV-R4-P1, y 9.6-ESV anteriores a 9.6-ESV-R4-P1 permite a servidores remotos... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 90%CPEs: 1EXPL: 0CVE-2011-1907
https://notcve.org/view.php?id=CVE-2011-1907
09 May 2011 — ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query. ISC BIND v9.8.x anterior a v9.8.0-P1, cuando el reemplazo Response Policy Zones (RPZ) RRset es habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demonio) a través de un consulta RRSIG. • http://secunia.com/advisories/44416 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 12%CPEs: 9EXPL: 0CVE-2011-0414
https://notcve.org/view.php?id=CVE-2011-0414
23 Feb 2011 — ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. En ISC BIND versión 9.7.1 hasta 9.7.2-P3, cuando está configurado como un servidor autorizado, permite a los atacantes remotos generar una denegación de servicio (punto muerto y suspensión de demonio) al enviar una consulta en el momento de (1) una transferencia IXFR o ( 2) una... • http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.2EPSS: 4%CPEs: 236EXPL: 0CVE-2010-3614 – bind: key algorithm rollover may mark secure answers as insecure
https://notcve.org/view.php?id=CVE-2010-3614
03 Dec 2010 — named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. named en ISC BIND 9.x anteriores a 9.6.2-P3, 9.7.x anteriores a 9.7.2-P3, 9.4-ESV anteriores a 9.4-ESV-R4, y 9.6-ESV anteriores a 9.6-ESV-R3 no determina apropiadamente el status... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 9%CPEs: 1EXPL: 0CVE-2010-3615
https://notcve.org/view.php?id=CVE-2010-3615
03 Dec 2010 — named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. named en ISC BIND 9.7.2-P2 no comprueba todas las localizaciones previstas para las ACLs "allow-query" (permitir consultas), lo que puede permitir a atacantes remotos realizar peticiones con éxito a registros DNS privados a través del mecanismo de consulta DNS estándar. • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0CVE-2010-3613 – bind: failure to clear existing RRSIG records when a NO DATA is negatively cached could DoS named
https://notcve.org/view.php?id=CVE-2010-3613
03 Dec 2010 — named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. named en ISC BIND 9.6.2 anteriores a 9.6.2-P3, 9.6-ESV anteriores a 9.6-ESV-R3, y 9.7.x anteriores a 9.7.2-P3 no maneja apropiadamente la combinación de respuestas negativas firmadas y los correspond... • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 0CVE-2010-3762 – Bind: DoS (assertion failure) via a DNS query with bad signatures
https://notcve.org/view.php?id=CVE-2010-3762
05 Oct 2010 — ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. ISC BIND antes de su versión v9.7.2-P2, cuando la validación DNSSEC está habilitada, no controla correctamente ciertas firmas incorrectas si existen múltiples puntos confianza para una sola zona, lo que permite a atacantes remotos provocar una denegación de ser... • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0218
https://notcve.org/view.php?id=CVE-2010-0218
05 Oct 2010 — ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. ISC BIND v9.7.2 a v9.7.2-P1 utiliza una ACL incorrecta para restringir la capacidad de las queries de Recursividad Deseada (RD) de acceder a la caché, lo que permite obtener información sensible a atacantes remotos a través de una consulta DNS. • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 0CVE-2010-0213
https://notcve.org/view.php?id=CVE-2010-0213
27 Jul 2010 — BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. BIND v9.7.1 y v9.7.1-P1, cuando un servidor de validación recursivo tiene un identificador de confianza que es configurado estáticamente o a trav... • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 12%CPEs: 189EXPL: 0CVE-2010-0097 – BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses
https://notcve.org/view.php?id=CVE-2010-0097
22 Jan 2010 — ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y9.7.0 beta, no valida de manera apropiada los registros DNSS... • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt • CWE-20: Improper Input Validation •