CVSS: 7.5EPSS: 19%CPEs: 1EXPL: 0CVE-2010-3762 – Bind: DoS (assertion failure) via a DNS query with bad signatures
https://notcve.org/view.php?id=CVE-2010-3762
05 Oct 2010 — ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. ISC BIND antes de su versión v9.7.2-P2, cuando la validación DNSSEC está habilitada, no controla correctamente ciertas firmas incorrectas si existen múltiples puntos confianza para una sola zona, lo que permite a atacantes remotos provocar una denegación de ser... • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0218
https://notcve.org/view.php?id=CVE-2010-0218
05 Oct 2010 — ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. ISC BIND v9.7.2 a v9.7.2-P1 utiliza una ACL incorrecta para restringir la capacidad de las queries de Recursividad Deseada (RD) de acceder a la caché, lo que permite obtener información sensible a atacantes remotos a través de una consulta DNS. • http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2010-0213
https://notcve.org/view.php?id=CVE-2010-0213
27 Jul 2010 — BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. BIND v9.7.1 y v9.7.1-P1, cuando un servidor de validación recursivo tiene un identificador de confianza que es configurado estáticamente o a trav... • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 1%CPEs: 189EXPL: 0CVE-2010-0097 – BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses
https://notcve.org/view.php?id=CVE-2010-0097
22 Jan 2010 — ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y9.7.0 beta, no valida de manera apropiada los registros DNSS... • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 3%CPEs: 168EXPL: 0CVE-2010-0290 – BIND upstream fix for CVE-2009-4022 is incomplete
https://notcve.org/view.php?id=CVE-2010-0290
22 Jan 2010 — Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-200... • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html •
CVSS: 9.8EPSS: 34%CPEs: 168EXPL: 0CVE-2010-0382 – bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
https://notcve.org/view.php?id=CVE-2010-0382
22 Jan 2010 — ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2... • http://secunia.com/advisories/40086 •
CVSS: 5.9EPSS: 20%CPEs: 169EXPL: 0CVE-2009-4022 – bind: cache poisoning using not validated DNSSEC responses
https://notcve.org/view.php?id=CVE-2009-4022
25 Nov 2009 — Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug ... • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt •