Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
Categories
There are no subcategories in this category.
11 CVE-2009-0696: BIND Dynamic Update DoS

BIND denial of service (server crash) caused by receipt of a specific remote dynamic update message. CVE: CVE-2009-0696 VU#725188 Posting date: 28 Jul 2009 Program Impacted: BIND Versions affected: BIND 9 (all versions) Severity: High Exploitable: Remotely…

12 CVE-2009-0025: EVP_VerifyFinal() and DSA_do_verify() return checks

Return values from OpenSSL library functions EVP_VerifyFinal() and DSA_do_verify() were not checked properly CVE: CVE-2009-0025 Posting date: 05 Jan 2009 Program Impacted: BIND Versions affected: 9.0 (all versions), 9.1 (all versions), 9.2 (all versions),…

13 CVE-2008-1447: DNS Cache Poisoning Issue ("Kaminsky bug")

A weakness in the DNS protocol may enable the poisoning of caching recurive resolvers with spoofed data. DNSSEC is the only full solution. New versions of BIND provide increased resilience to the attack. CVE: CVE-2008-1447 VU#800113 Posting date: 08 Jul 2008…

14 CVE-2008-0122: Buffer overflow in inet_network()

An off-by-one error in the inet_network() function in libbind could lead to memory corruption with certain inputs. CVE: CVE-2008-0122 VU#203611 Posting date: 18 Jan 2008 Program Impacted: BIND Versions affected: 8 (all versions) 9.0 (all versions) 9.1 (all…

15 CVE-2007-2926: cryptographically weak query ids

The DNS query id generation is vulnerable to cryptographic analysis CVE: CVE-2007-2926 VU#252735 Posting date: 24 Jul 2007 Program Impacted: BIND Versions affected: 9.0 (all versions), 9.1 (all versions), 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7,…

16 CVE-2007-2925: allow-query-cache/allow-recursion default acls not set

The default access control lists (acls) are not being correctly set. CVE: CVE-2007-2925 Posting date: 24 Jul 2007 Program Impacted: BIND Versions affected: 9.4.0, 9.4.1, 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5 Severity: Medium Exploitable: Remotely Description:…

17 CVE-2007-2241: Sequence of queries can cause a recursive nameserver to exit

CVE: CVE-2007-2241 VU#718460 Posting date: 30 April 2007 Program Impacted: BIND Versions affected: 9.4.0 and Alpha releases of 9.5.0 Severity: High Exploitable: Remotely Description: A sequence of queries can cause a recursive nameserver to exit. While it…

18 CVE-2007-0494: Denial of service via ANY query response containing multiple RRsets.

Verification logic for multiple DNSSEC RRsets can trigger server failure. CVE: CVE-2007-0494 Posting date: 30 Jan 2007 Program Impacted: BIND Versions affected: 9.0, 9.1, 9.2, 9.3.0-9.3.3, pre-release versions of 9.4.0, Alpha release of 9.5.0 Severity: Low…

19 CVE-2007-0493: Denial of service via unspecified vectors that cause "dereference a freed fetch context"

A logic error can cause the named process to exit unintentionally. CVE: CVE-2007-0493 Posting date: 30 Jan 2007 Program Impacted: BIND Versions affected: 9.3.0, 9.3.1, 9.3.2, 9.3.3, Alpha and Beta versions of 9.40, Alpha versions of 9.5.0 Severity: Low Exploitable:…

20 CVE-2006-4095: Multiple DoS vulnerabilities

Certain query sequences can cause server failure CVE: CVE-2006-4095 Posting date: 06 Sep 2006 Program Impacted: BIND Versions affected: 9.2, 9.3.0-9.2, pre-release versions of 9.4.0 Severity: High Exploitable: Remotely Description: SIG Query Processing: Recursive…