Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
1 BIND 8 Security Vulnerability Matrix Featured

This table summarizes the vulnerability to the bugs mentioned for all released versions of BIND 8 as of 2008. BIND 8 may be vulnerable to any or all of the BIND CVEs released since. BIND 8 is in "End of Life" status, which means that we recommend that you…

2 CVE-2005-0033: BIND: q_usedns array overrun

A buffer overflow can cause the server to exit. CVE: CVE-2005-0033 CERT: VU#327633 Posting date: 25 Jan 2005 Program Impacted: BIND Versions affected: 8.4.4 and 8.4.5 Severity: Low Exploitable: Remotely Description: It is possible to overrun the q_usedns…

3 CVE-2003-0914: BIND: Negative Cache DOS (negcache)

A maliciously configured name server can trick a resolver into caching false no-such-name responses for long periods of time. CVE: CVE-2003-0914 CERT: VU#734644 Posting date: 04 Feb 2004 Program Impacted: BIND Versions affected: All versions prior to 8.4.3…

4 CVE-2002-1219: BIND: Remote Execution of Code (sigrec)

The name server can be tricked into executing arbitrary code. CVE: CVE-2002-1219 CERT: VU#852283 Posting date: 12 Nov 2002 Program Impacted: BIND Versions affected: 4.9.5 - 4.9.10, 8.1 - 8.2.6, 8.3.0 - 8.3.3 Severity: Serious Exploitable: Remotely Description:…

5 CVE-2002-1221: BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times

De-referencing null pointer for certain signature expire values. CVE: CVE-2002-1221 CERT: VU#581682 Posting date: 12 Nov 2002 Program Impacted: BIND Versions affected: 8.3.0 - 8.3.3 Severity: Serious Exploitable: Remotely Description: Remote attackers can…

6 CVE-2002-1220: Assertion failure with large UDP size for nonexistent subdomain

Possibility to execute arbitrary code CVE: CVE-2002-1220 CERT: VU#229595 Posting date: 12 Nov 2002 Program Impacted: BIND Versions affected: 8.3.0 - 8.3.3 Severity: Serious Exploitable: Remotely Description: Remote attackers can cause a denial of service…

7 CVE-2002-0651: libbind buffer overflow

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. CVE: CVE-2002-0651 CERT: VU#803539…

8 CVE-2001-0012: Infoleak

It is possible to construct a inverse query that allows the stack to be read, remotely exposing environment variables. CVE: CVE-2001-0012 CERT: VU#325431 Posting date: 29 Jan 2001 Program Impacted: BIND Versions affected: 4.8 - 4.9.7, 8.1 - prerelease versions…

9 CVE-2001-0011: Buffer overflow in nslookupComplain()

Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges CVE: CVE-2001-0011 CERT: VU#572183 Posting date: 29 Jan 2001 Program Impacted: BIND Versions affected: 4.9.3 - 4.9.7 Severity: Serious Exploitable: Remotely…

10 CVE-2001-0013: Format string vulnerability in nslookupComplain()

Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. CVE: CVE-2001-0013 CERT: VU#868916 Posting date: 29 Jan 2001 Program Impacted: BIND Versions affected: 4.9.3 - 4.9.7 Severity: Serious Exploitable:…

1 2 Next