CVSS: 9.8EPSS: 4%CPEs: 168EXPL: 0CVE-2010-0382 – bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
https://notcve.org/view.php?id=CVE-2010-0382
22 Jan 2010 — ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2... • http://secunia.com/advisories/40086 •
CVSS: 5.9EPSS: 2%CPEs: 168EXPL: 0CVE-2010-0290 – BIND upstream fix for CVE-2009-4022 is incomplete
https://notcve.org/view.php?id=CVE-2010-0290
22 Jan 2010 — Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-200... • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html •
CVSS: 5.9EPSS: 25%CPEs: 169EXPL: 0CVE-2009-4022 – bind: cache poisoning using not validated DNSSEC responses
https://notcve.org/view.php?id=CVE-2009-4022
25 Nov 2009 — Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug ... • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt •
CVSS: 7.5EPSS: 95%CPEs: 65EXPL: 1CVE-2009-0696 – ISC BIND 9 - Remote Dynamic Update Message Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-0696
29 Jul 2009 — The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. La función dns_db_findrdataset en db.c en "named" en ISC BIND v9.4 anterior a v9.4.3-P3, v9.5 anterior a v9.5.1-P3, y v9.6 anterior a v9... • https://www.exploit-db.com/exploits/9300 • CWE-16: Configuration •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2009-0265
https://notcve.org/view.php?id=CVE-2009-0265
26 Jan 2009 — Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. Internet Systems Consortium (ISC) BIND en versiones 9.6.0 y anteriores no comprueba adecuadamente el valor de retorno de la función EVP_VerifyFinal de OpenSSL, lo cual permite a atacantes remotos elud... • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 • CWE-252: Unchecked Return Value CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 2%CPEs: 97EXPL: 0CVE-2009-0025 – bind: DSA_do_verify() returns check issue
https://notcve.org/view.php?id=CVE-2009-0025
07 Jan 2009 — BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3 y versiones anteriores no comprueba adecuadamente el valor de retorno de la función OpenSSL DSA_verify, lo que permite a atacantes remotos eludir la validación de la cadena del certificado a través de un... • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 47%CPEs: 3EXPL: 0CVE-2008-4163
https://notcve.org/view.php?id=CVE-2008-4163
22 Sep 2008 — Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. Vulnerabilidad sin especificar en ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, y 9.5.0-P2-W1 sobre Windows, permite a atacantes remotos provocar una denegación de servicio (caída del manejador cliente UDP) a través de vectores desconocidos. • http://marc.info/?l=bind-announce&m=122180244228376&w=2 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 24%CPEs: 35EXPL: 3CVE-2008-1447 – BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2008-1447
08 Jul 2008 — The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." El... • https://www.exploit-db.com/exploits/6122 • CWE-331: Insufficient Entropy •
CVSS: 10.0EPSS: 21%CPEs: 43EXPL: 0CVE-2008-0122 – libbind off-by-one buffer overflow
https://notcve.org/view.php?id=CVE-2008-0122
16 Jan 2008 — Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. Error por un paso en la función inet_network en libbind en ISC BIND 9.4.2 y versiones anteriores, como se utiliza en libc en FreeBSD 6.2 hasta la versión 7.0-PRERELEASE, permite a atacantes dependientes del con... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 5.8EPSS: 1%CPEs: 3EXPL: 0CVE-2007-2925
https://notcve.org/view.php?id=CVE-2007-2925
24 Jul 2007 — The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. La lista de control de acceso por defecto (ACL) en ISC BIND 9.4.0, 9.4.1, y 9.5.0a1 hasta 9.5.0a5 no asigna las ACLs allow-recursion y allow-query-cache, lo cual permite a atacantes remotos realizar consultas recursivas y consultar la cache. • http://secunia.com/advisories/26227 •