Page 8 of 47 results (0.019 seconds)

CVSS: 4.3EPSS: 1%CPEs: 189EXPL: 0

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y9.7.0 beta, no valida de manera apropiada los registros DNSSEC (1) NSEC y (2) NSEC3, lo que permite a atacantes remotos añadir el flag (bandera) Authenticated Data (AD) a una respuesta NXDOMAIN falsificada para un dominio existente. • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://marc.info/?l=bugtraq&m=127195582210247&w=2 http://secunia.com/advisories/38169 http://secunia.com/adv • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 168EXPL: 0

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. Vulnerabilidad no especificada en ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y 9.7.0 beta, con la validación DNSSEC habilitada y el chequeo (CD) deshabilitado, permite a atacantes remotos realizar ataques de envenenamiento de cache DNS mediante la recepción de una petición recursiva de cliente y el envío de una respuesta que contiene registros (1) CNAME o (2) DNAME, los cuales no realizan la validación establecida antes de cachear, también conocida como Bug 20737. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2009-4022. • http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://marc.info/?l=oss-security&m=126393609503704&w=2 http://marc.info/?l=oss-security&m=126399602810086&w=2 http://secunia.com/advisories/38219 http://secunia.com/advisories/38240 http://secunia.com/advisories/40086 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 http://www.debian.org/security/2010/dsa-2054 http://www.mandriva.com/security/advisories?name=MDVSA-2010:021 http://www.ubuntu&# •

CVSS: 2.6EPSS: 1%CPEs: 169EXPL: 0

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438. Vulnerabilidad no especificada en ISC BIND 9.0.x hasta la versión 9.3.x, 9.4 en versiones anteriores a 9.4.3-P4, 9.5 en versiones anteriores a 9.5.2-P1, 9.6 en versiones anteriores a 9.6.1-P2 y 9.7 beta en versiones anteriores a 9.7.0b3, con validación DNSSEC habilitada y comprobación deshabilitada (CD), permite a atacantes remotos llevar a cabo ataques de envenenamiento de la caché DNS recibiendo una consulta de cliente recursiva y enviando una respuesta que contiene una sección Additional con datos manipulados, lo cual no es manejado adecuadamente cuando la respuesta es procesada "al mismo tiempo que se solicitan registros DNSSEC (DO)", también conocida como Bug 20438. • ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://osvdb.org/60493 http://secunia.com/advisories/37426 http://secunia.com/advisories/37491 http://secunia.com/advisories/38219 http://secunia.com/advisories/38240 http://secunia.com/advisories/ •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. Internet Systems Consortium (ISC) BIND en versiones 9.6.0 y anteriores no comprueba adecuadamente el valor de retorno de la función EVP_VerifyFinal de OpenSSL, lo cual permite a atacantes remotos eludir la validación del certificado a través de una firma SSL/TLS malformada, se trata de una vulnerabilidad similar a CVE-2008-5077 y CVE-2009-0025. • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://secunia.com/advisories/33559 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 http://www.mandriva.com/security/advisories?name=MDVSA-2009:037 http://www.vupen.com/english/advisories/2009/0043 https://www.isc.org/node/373 • CWE-252: Unchecked Return Value CWE-295: Improper Certificate Validation •

CVSS: 6.8EPSS: 1%CPEs: 97EXPL: 0

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3 y versiones anteriores no comprueba adecuadamente el valor de retorno de la función OpenSSL DSA_verify, lo que permite a atacantes remotos eludir la validación de la cadena del certificado a través de una firma SSL/TLS mal formada, una vulnerabilidad similar a CVE-2008-5077. • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://secunia.com/advisories/33494 http://secunia.com/advisories/33546 http://secunia.com/advisories/33551 http://secunia.com/advisories/33559 http://secunia.com/advisories/33683 http://secunia.com/advisories/33882 http://secunia.com/advisories/35074 http://security&# • CWE-287: Improper Authentication •