| 0 |
|
| 1 |
| url |
VCID-3972-p4wc-vfe7 |
| vulnerability_id |
VCID-3972-p4wc-vfe7 |
| summary |
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-6469
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3972-p4wc-vfe7 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| url |
VCID-5179-3jyd-h3dm |
| vulnerability_id |
VCID-5179-3jyd-h3dm |
| summary |
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2015-8461
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5179-3jyd-h3dm |
|
| 7 |
| url |
VCID-52fs-qdan-nqbz |
| vulnerability_id |
VCID-52fs-qdan-nqbz |
| summary |
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-1284
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-52fs-qdan-nqbz |
|
| 8 |
| url |
VCID-63mz-zusw-1yde |
| vulnerability_id |
VCID-63mz-zusw-1yde |
| summary |
ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0218
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-63mz-zusw-1yde |
|
| 9 |
| url |
VCID-6p8z-9vyj-s3bj |
| vulnerability_id |
VCID-6p8z-9vyj-s3bj |
| summary |
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0 -> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-6467
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6p8z-9vyj-s3bj |
|
| 10 |
|
| 11 |
|
| 12 |
| url |
VCID-8ma3-d4fg-kbe5 |
| vulnerability_id |
VCID-8ma3-d4fg-kbe5 |
| summary |
In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-6468
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ma3-d4fg-kbe5 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| url |
VCID-awsv-u8q8-dubq |
| vulnerability_id |
VCID-awsv-u8q8-dubq |
| summary |
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2002-0029
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-awsv-u8q8-dubq |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
| url |
VCID-cj92-9qzd-qqhk |
| vulnerability_id |
VCID-cj92-9qzd-qqhk |
| summary |
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-0122
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cj92-9qzd-qqhk |
|
| 22 |
|
| 23 |
| url |
VCID-e24t-wfdb-rkb3 |
| vulnerability_id |
VCID-e24t-wfdb-rkb3 |
| summary |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2007-6283
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e24t-wfdb-rkb3 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| url |
VCID-hedb-jrny-jyav |
| vulnerability_id |
VCID-hedb-jrny-jyav |
| summary |
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2018-5734
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hedb-jrny-jyav |
|
| 31 |
|
| 32 |
| url |
VCID-jbdy-s427-gbfw |
| vulnerability_id |
VCID-jbdy-s427-gbfw |
| summary |
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2002-1220
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jbdy-s427-gbfw |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
| url |
VCID-nytd-qwk3-akcy |
| vulnerability_id |
VCID-nytd-qwk3-akcy |
| summary |
The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-6230
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nytd-qwk3-akcy |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
| url |
VCID-r2e1-3cv3-uqf7 |
| vulnerability_id |
VCID-r2e1-3cv3-uqf7 |
| summary |
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2002-2211
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r2e1-3cv3-uqf7 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
| url |
VCID-wuax-sek4-4kbe |
| vulnerability_id |
VCID-wuax-sek4-4kbe |
| summary |
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2002-1221
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wuax-sek4-4kbe |
|
| 49 |
| url |
VCID-x7ea-y7x6-z3hu |
| vulnerability_id |
VCID-x7ea-y7x6-z3hu |
| summary |
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2002-1219
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x7ea-y7x6-z3hu |
|
| 50 |
|
| 51 |
|
| 52 |
| url |
VCID-yqmq-rz8a-xugf |
| vulnerability_id |
VCID-yqmq-rz8a-xugf |
| summary |
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2008-4163
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yqmq-rz8a-xugf |
|
| 53 |
| url |
VCID-yyzv-y41j-dbdu |
| vulnerability_id |
VCID-yyzv-y41j-dbdu |
| summary |
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2014-3859
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yyzv-y41j-dbdu |
|