Page 8 of 48 results (0.008 seconds)

CVSS: 8.6EPSS: 73%CPEs: 228EXPL: 0

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, relacionada con db.c y resolver.c. A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html http://lists.opensuse.org/opensuse- • CWE-617: Reachable Assertion •

CVSS: 7.0EPSS: 4%CPEs: 59EXPL: 0

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. buffer.c en named en ISC BIND 9.10.x en versiones anteriores a 9.10.3-P3, cuando inicio de sesión depurado está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción REQUIRE y salida del demonio, o caída del demonio) o posiblemente tener otro impacto no especificado a través de (1) datos OPT o (2) una opción ECS. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.securityfocus.com/bid/81314 http://www.securitytracker.com/id/1034740 https://kb.isc.org/article/AA-01336 https://kb.isc.org/article/AA-01380 https://security.gentoo.org/glsa/201610-07 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 95%CPEs: 59EXPL: 0

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. apl_42.c en ISC BIND 9.x en versiones anteriores a 9.9.8-P3, 9.9.x y 9.10.x en versiones anteriores a 9.10.3-P3 permite a usuarios remotos autenticados provocar una denegación de servicio (fallo de la afirmación INSIST y salida de demonio) a través de un registro Address Prefix List (APL) mal formado. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178045.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175973.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html http://lists.opensuse.org/opensuse-secu • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 12%CPEs: 164EXPL: 0

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. Condición de carrera en resolver.c en named en ISC BIND 9.9.8 en versiones anteriores a 9.9.8-P2 y 9.10.3 en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción INSIST y salida del demonio) a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html http://www.securityfocus.com/bid/79347 http://www.securitytracker.com/id/1034419 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 https://kb.isc.org/article/AA-01319 https://kb.isc.org/article/AA-01380 https://kb.isc.org/article/AA-01438 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.0EPSS: 95%CPEs: 170EXPL: 0

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html http://lists.opensuse.org/opensuse-se • CWE-20: Improper Input Validation •