Page 9 of 55 results (0.012 seconds)

CVSS: 8.6EPSS: 73%CPEs: 228EXPL: 0

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, relacionada con db.c y resolver.c. A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html http://lists.opensuse.org/opensuse- • CWE-617: Reachable Assertion •

CVSS: 6.8EPSS: 83%CPEs: 29EXPL: 0

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. resolver.c en named en ISC BIND 9.10.x en versiones anteriores a 9.10.3-P4, cuando las cookies DNS están habilitadas, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción INSIST y salida de demonio) a través de un paquete mal formado con más de una opción de cookie. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://www.securityfocus.com/bid/84290 http://www.securitytracker.com/id/1035238 https://kb.isc.org/article/AA-01351 https://kb.isc.org/article/AA-01380 https://security.gentoo.org/glsa/201610-07 • CWE-20: Improper Input Validation •

CVSS: 7.0EPSS: 4%CPEs: 59EXPL: 0

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. buffer.c en named en ISC BIND 9.10.x en versiones anteriores a 9.10.3-P3, cuando inicio de sesión depurado está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción REQUIRE y salida del demonio, o caída del demonio) o posiblemente tener otro impacto no especificado a través de (1) datos OPT o (2) una opción ECS. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.securityfocus.com/bid/81314 http://www.securitytracker.com/id/1034740 https://kb.isc.org/article/AA-01336 https://kb.isc.org/article/AA-01380 https://security.gentoo.org/glsa/201610-07 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 95%CPEs: 59EXPL: 0

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. apl_42.c en ISC BIND 9.x en versiones anteriores a 9.9.8-P3, 9.9.x y 9.10.x en versiones anteriores a 9.10.3-P3 permite a usuarios remotos autenticados provocar una denegación de servicio (fallo de la afirmación INSIST y salida de demonio) a través de un registro Address Prefix List (APL) mal formado. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178045.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175973.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html http://lists.opensuse.org/opensuse-secu • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 12%CPEs: 164EXPL: 0

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. Condición de carrera en resolver.c en named en ISC BIND 9.9.8 en versiones anteriores a 9.9.8-P2 y 9.10.3 en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción INSIST y salida del demonio) a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html http://www.securityfocus.com/bid/79347 http://www.securitytracker.com/id/1034419 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.539966 https://kb.isc.org/article/AA-01319 https://kb.isc.org/article/AA-01380 https://kb.isc.org/article/AA-01438 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •