CVSS: 10.0EPSS: 1%CPEs: 43EXPL: 0CVE-2008-0122 – libbind off-by-one buffer overflow
https://notcve.org/view.php?id=CVE-2008-0122
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. Error por un paso en la función inet_network en libbind en ISC BIND 9.4.2 y versiones anteriores, como se utiliza en libc en FreeBSD 6.2 hasta la versión 7.0-PRERELEASE, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de entradas manipuladas que desencadenan corrupción de memoria. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28367 http://secunia.com/advisories/28429 http://secunia.com/advisories/28487 http://secunia.com/advisories/28579 http://secunia.com/advisories/29161 http://secunia.com/advisories/29323 http://secunia.com/advisories/30313 http://secunia.com/advisories/30538 http://secunia.com/advisories/30718 http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc http://sunsolve.s • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 4.3EPSS: 29%CPEs: 7EXPL: 1CVE-2007-2926 – BIND 9 0.3beta - DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2007-2926
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. ISC BIND 9 hasta 9.5.0a5 utiliza un número aleatorio debil a lo largo de la generación de la consulta DNS ids cuando se responde la pregunta a resolver o enviando mensajes NOTIFY a servidores de nombre esclavos, lo cual hace más fácil para atacantes remotos para adivinar la siguiente consulta id y llevar a cabo envenenamientos de la cache DNS. • https://www.exploit-db.com/exploits/4266 ftp://aix.software.ibm.com/aix/efixes/security/README ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://docs.info.apple.com/article.html?artnum=307041 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368 http://lists.apple.com/archives/ •
CVSS: 4.3EPSS: 97%CPEs: 92EXPL: 0CVE-2007-0494 – BIND dnssec denial of service
https://notcve.org/view.php?id=CVE-2007-0494
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. ISC BIND 9.0.x, 9.1.x, 9.2.0 hasta la versión 9.2.7, 9.3.0 hasta la versión 9.3.3, 9.4.0a1 hasta la versión 9.4.0a6, 9.4.0b1 hasta la versión 9.4.0b4, 9.4.0rc1 y 9.5.0a1 (solo Bind Forum) permite a atacantes remotos provocar una denegación de servicio (salida) a través de la respuesta a una consulta DNS tipo * (ANY) que contiene múltiples RRsets, lo que desencadena un error de aserción, también conocido como la vulnerabilidad "DNSSEC Validation". • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://docs.info.apple.com/article.html?artnum=305530 http://fedoranews.org/cms/node/2507 http://fedoranews.org/cms/node/2537 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://lists.grok.org.uk/pipermail/ • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 0CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories&#x • CWE-617: Reachable Assertion •
CVSS: 5.0EPSS: 8%CPEs: 13EXPL: 0CVE-2006-2073
https://notcve.org/view.php?id=CVE-2006-2073
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. • http://secunia.com/advisories/19808 http://securitytracker.com/id?1015993 http://www.kb.cert.org/vuls/id/955777 http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en http://www.securityfocus.com/bid/17692 http://www.vupen.com/english/advisories/2006/1505 http://www.vupen.com/english/advisories/2006/1537 https://exchange.xforce.ibmcloud.com/vulnerabilities/26081 •