CVE-2009-0025 – bind: DSA_do_verify() returns check issue
https://notcve.org/view.php?id=CVE-2009-0025
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3 y versiones anteriores no comprueba adecuadamente el valor de retorno de la función OpenSSL DSA_verify, lo que permite a atacantes remotos eludir la validación de la cadena del certificado a través de una firma SSL/TLS mal formada, una vulnerabilidad similar a CVE-2008-5077. • http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://secunia.com/advisories/33494 http://secunia.com/advisories/33546 http://secunia.com/advisories/33551 http://secunia.com/advisories/33559 http://secunia.com/advisories/33683 http://secunia.com/advisories/33882 http://secunia.com/advisories/35074 http://security • CWE-287: Improper Authentication •
CVE-2008-1447 – BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2008-1447
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." El protocolo DNS, como es implementado en (1) BIND 8 y 9 en versiones anteriores a 9.5.0-P1, 9.4.2-P1 y 9.3.5-P1; (2) Microsoft DNS en Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP1 y SP2; y otras implementaciones permiten a atacantes remotos suplantar el tráfico DNS a través de un ataque de un cumpleaños que usa referencias in-bailiwick para llevar a cabo un envenenamiento del caché contra resolutores recursivos, relacionado con la insifuciente aleatoriedad de la ID de la transacción DNS y los puertos de origen, vulnerabilidad también conocida como "DNS Insufficient Socket Entropy Vulnerability" o "the Kaminsky bug". • https://www.exploit-db.com/exploits/6122 https://www.exploit-db.com/exploits/6130 https://www.exploit-db.com/exploits/6123 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID • CWE-331: Insufficient Entropy •
CVE-2008-0122 – libbind off-by-one buffer overflow
https://notcve.org/view.php?id=CVE-2008-0122
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. Error por un paso en la función inet_network en libbind en ISC BIND 9.4.2 y versiones anteriores, como se utiliza en libc en FreeBSD 6.2 hasta la versión 7.0-PRERELEASE, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de entradas manipuladas que desencadenan corrupción de memoria. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28367 http://secunia.com/advisories/28429 http://secunia.com/advisories/28487 http://secunia.com/advisories/28579 http://secunia.com/advisories/29161 http://secunia.com/advisories/29323 http://secunia.com/advisories/30313 http://secunia.com/advisories/30538 http://secunia.com/advisories/30718 http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc http://sunsolve.s • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVE-2007-2926 – BIND 9 0.3beta - DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2007-2926
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. ISC BIND 9 hasta 9.5.0a5 utiliza un número aleatorio debil a lo largo de la generación de la consulta DNS ids cuando se responde la pregunta a resolver o enviando mensajes NOTIFY a servidores de nombre esclavos, lo cual hace más fácil para atacantes remotos para adivinar la siguiente consulta id y llevar a cabo envenenamientos de la cache DNS. • https://www.exploit-db.com/exploits/4266 ftp://aix.software.ibm.com/aix/efixes/security/README ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://docs.info.apple.com/article.html?artnum=307041 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368 http://lists.apple.com/archives/ •
CVE-2007-0494 – BIND dnssec denial of service
https://notcve.org/view.php?id=CVE-2007-0494
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. ISC BIND 9.0.x, 9.1.x, 9.2.0 hasta la versión 9.2.7, 9.3.0 hasta la versión 9.3.3, 9.4.0a1 hasta la versión 9.4.0a6, 9.4.0b1 hasta la versión 9.4.0b4, 9.4.0rc1 y 9.5.0a1 (solo Bind Forum) permite a atacantes remotos provocar una denegación de servicio (salida) a través de la respuesta a una consulta DNS tipo * (ANY) que contiene múltiples RRsets, lo que desencadena un error de aserción, también conocido como la vulnerabilidad "DNSSEC Validation". • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://docs.info.apple.com/article.html?artnum=305530 http://fedoranews.org/cms/node/2507 http://fedoranews.org/cms/node/2537 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://lists.grok.org.uk/pipermail/ • CWE-19: Data Processing Errors •