CVSS: 6.8EPSS: 11%CPEs: 35EXPL: 3CVE-2008-1447 – BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." El protocolo DNS, como es implementado en (1) BIND 8 y 9 en versiones anteriores a 9.5.0-P1, 9.4.2-P1 y 9.3.5-P1; (2) Microsoft DNS en Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP1 y SP2; y otras implementaciones permiten a atacantes remotos suplantar el tráfico DNS a través de un ataque de un cumpleaños que usa referencias in-bailiwick para llevar a cabo un envenenamiento del caché contra resolutores recursivos, relacionado con la insifuciente aleatoriedad de la ID de la transacción DNS y los puertos de origen, vulnerabilidad también conocida como "DNS Insufficient Socket Entropy Vulnerability" o "the Kaminsky bug". • https://www.exploit-db.com/exploits/6122 https://www.exploit-db.com/exploits/6130 https://www.exploit-db.com/exploits/6123 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID • CWE-331: Insufficient Entropy •
CVSS: 10.0EPSS: 1%CPEs: 43EXPL: 0CVE-2008-0122 – libbind off-by-one buffer overflow
https://notcve.org/view.php?id=CVE-2008-0122
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. Error por un paso en la función inet_network en libbind en ISC BIND 9.4.2 y versiones anteriores, como se utiliza en libc en FreeBSD 6.2 hasta la versión 7.0-PRERELEASE, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de entradas manipuladas que desencadenan corrupción de memoria. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28367 http://secunia.com/advisories/28429 http://secunia.com/advisories/28487 http://secunia.com/advisories/28579 http://secunia.com/advisories/29161 http://secunia.com/advisories/29323 http://secunia.com/advisories/30313 http://secunia.com/advisories/30538 http://secunia.com/advisories/30718 http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc http://sunsolve.s • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 4.3EPSS: 35%CPEs: 7EXPL: 1CVE-2007-2926 – BIND 9 0.3beta - DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2007-2926
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. ISC BIND 9 hasta 9.5.0a5 utiliza un número aleatorio debil a lo largo de la generación de la consulta DNS ids cuando se responde la pregunta a resolver o enviando mensajes NOTIFY a servidores de nombre esclavos, lo cual hace más fácil para atacantes remotos para adivinar la siguiente consulta id y llevar a cabo envenenamientos de la cache DNS. • https://www.exploit-db.com/exploits/4266 ftp://aix.software.ibm.com/aix/efixes/security/README ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://docs.info.apple.com/article.html?artnum=307041 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368 http://lists.apple.com/archives/ •
CVSS: 4.3EPSS: 97%CPEs: 92EXPL: 0CVE-2007-0494 – BIND dnssec denial of service
https://notcve.org/view.php?id=CVE-2007-0494
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. ISC BIND 9.0.x, 9.1.x, 9.2.0 hasta la versión 9.2.7, 9.3.0 hasta la versión 9.3.3, 9.4.0a1 hasta la versión 9.4.0a6, 9.4.0b1 hasta la versión 9.4.0b4, 9.4.0rc1 y 9.5.0a1 (solo Bind Forum) permite a atacantes remotos provocar una denegación de servicio (salida) a través de la respuesta a una consulta DNS tipo * (ANY) que contiene múltiples RRsets, lo que desencadena un error de aserción, también conocido como la vulnerabilidad "DNSSEC Validation". • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://docs.info.apple.com/article.html?artnum=305530 http://fedoranews.org/cms/node/2507 http://fedoranews.org/cms/node/2537 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://lists.grok.org.uk/pipermail/ • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 0CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories&#x • CWE-617: Reachable Assertion •