Download
| Alert*
|
oval:org.secpod.oval:def:51895
bind9: Internet Domain Name Server Details: USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update ad ... oval:org.secpod.oval:def:55028 Multiple vulnerabilities were found in the BIND DNS server: CVE-2018-5743 Connection limits were incorrectly enforced. CVE-2018-5745 The "managed-keys" feature was susceptible to denial of service by triggering an assert. CVE-2019-6465 ACLs for zone transfers were incorrectly enforced for ... oval:org.secpod.oval:def:54587 bind9: Internet Domain Name Server Bind could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:702422 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:64144 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed ... oval:org.secpod.oval:def:600225 It was discovered that BIND, a DNS server, contains a race condition when processing zones updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer . Such an update while processing a query could result in deadlock and denial of service. In addition, this ... oval:org.secpod.oval:def:600582 It was discovered that BIND, a DNS server, does not correctly process certain UPDATE requests, resulting in a server crash and a denial of service. This vulnerability affects BIND installations even if they do not actually use dynamic DNS updates. oval:org.secpod.oval:def:600534 It was discovered that BIND, an implementation of the DNS protocol, does not correctly process certain large RRSIG record sets in DNSSEC responses. The resulting assertion failure causes the name server process to crash, making name resolution unavailable. In addition, this update fixes handling of ... oval:org.secpod.oval:def:600650 It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue. oval:org.secpod.oval:def:702640 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:70384 bind9: Internet Domain Name Server Bind could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:70223 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:71646 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2021-25214 Greg Kuechle discovered that a malformed incoming IXFR transfer could trigger an assertion failure in named, resulting in denial of service. CVE-2021-25215 Siva Kakarla discovered that named could crash when ... oval:org.secpod.oval:def:701097 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:603017 The security update announced as DSA-3904-1 in bind9 introduced a regression. The fix for CVE-2017-3142 broke verification of TSIG signed TCP message sequences where not all the messages contain TSIG records. This is conform to the spec and may be used in AXFR and IXFR response. oval:org.secpod.oval:def:701710 bind9 is installed oval:org.secpod.oval:def:704123 bind9: Internet Domain Name Server Bind could incorrectly enable recursion. oval:org.secpod.oval:def:51057 bind9: Internet Domain Name Server Bind could incorrectly enable recursion. oval:org.secpod.oval:def:51034 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:50984 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:2001323 To provide fine-grained controls over the ability to use Dynamic DNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update reques ... oval:org.secpod.oval:def:604853 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed ... oval:org.secpod.oval:def:601001 Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. oval:org.secpod.oval:def:701378 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:600823 It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected. oval:org.secpod.oval:def:601076 Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query. oval:org.secpod.oval:def:600855 Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger and assertion failure on servers under high query load that do DNSSEC validation. oval:org.secpod.oval:def:701237 bind9: Internet Domain Name Server Bind could be made to consume memory or crash if it received specially crafted network traffic. oval:org.secpod.oval:def:601771 Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause name ... oval:org.secpod.oval:def:600901 It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present. This vulnerability affects both recursive and authoritative servers. oval:org.secpod.oval:def:701035 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:600886 It was discovered that BIND, a DNS server, does not handle DNS records properly which approach size limits inherent to the DNS protocol. An attacker could use crafted DNS records to crash the BIND server process, leading to a denial of service. oval:org.secpod.oval:def:701543 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703432 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:602179 Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit. oval:org.secpod.oval:def:25767 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702900 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702733 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:602165 Breno Silveira Soares of Servico Federal de Processamento de Dados discovered that the BIND DNS server is prone to a denial of service vulnerability. A remote attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause the resolver to terminat ... oval:org.secpod.oval:def:702338 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:702681 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703012 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:52520 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:52367 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:52410 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:52537 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:52659 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:602220 Hanno Boeck discovered that incorrect validation of DNSSEC-signed records in the Bind DNS server could result in denial of service. Updates oval:org.secpod.oval:def:602341 It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service. oval:org.secpod.oval:def:602418 Two vulnerabilities have been discovered in ISC"s BIND DNS server. CVE-2016-1285 A maliciously crafted rdnc, a way to remotely administer a BIND server, operation can cause named to crash, resulting in denial of service. CVE-2016-1286 An error parsing DNAME resource records can cause named to crash, ... oval:org.secpod.oval:def:601958 Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator"s part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation ... oval:org.secpod.oval:def:702937 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:52677 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:601861 It was discovered that BIND, a DNS server, is prone to a denial of service vulnerability. By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited q ... oval:org.secpod.oval:def:52565 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:52728 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:602309 It was discovered that the BIND DNS server does not properly handle the parsing of incoming responses, allowing some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. ... oval:org.secpod.oval:def:703324 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:88469 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:2001566 ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service via a large AXFR response, and possibly allows IXFR servers to cause a denial of service via a large IXFR response and allows remote authenticated users to cause ... oval:org.secpod.oval:def:1900492 ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through9.11.0b1 allows primary DNS servers to cause a denial of service via a large AXFR response, and possibly allows IXFRservers to cause a denial of service via a large IXFRresponse and allows remote authenticated users to cause a de ... oval:org.secpod.oval:def:1901519 ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service via a long request that uses the lightweight resolver protocol. oval:org.secpod.oval:def:602735 Several denial-of-service vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2016-9131 A crafted upstream response to an ANY query could cause an assertion failure. CVE-2016-9147 A crafted upstream response with self-contradicting DNSSEC data could cause an assertion failure. ... oval:org.secpod.oval:def:40152 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:38739 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:51517 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:51661 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:602629 Two vulnerabilities were reported in BIND, a DNS server. CVE-2016-2775 The lwresd component in BIND could crash while processing an overlong request name. This could lead to a denial of service. CVE-2016-2776 A crafted query could crash the BIND name server daemon, leading to a denial of service. A ... oval:org.secpod.oval:def:51723 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703471 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:602657 Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily affects ... oval:org.secpod.oval:def:703338 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:703285 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:51640 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:602783 It was discovered that a maliciously crafted query can cause ISC"s BIND DNS server to crash if both Response Policy Zones and DNS64 are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice. This update also c ... oval:org.secpod.oval:def:703954 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:51835 bind9: Internet Domain Name Server Bind could be made to serve incorrect information or expose sensitive information over the network. oval:org.secpod.oval:def:703804 bind9: Internet Domain Name Server Details: USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update ad ... oval:org.secpod.oval:def:51973 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:68291 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with n ... oval:org.secpod.oval:def:703685 bind9: Internet Domain Name Server Bind could be made to serve incorrect information or expose sensitive information over the network. oval:org.secpod.oval:def:603234 Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named. oval:org.secpod.oval:def:704323 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:51130 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:704502 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:52136 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:2000139 An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys oval:org.secpod.oval:def:2000120 Zone transfer controls for writable DLZ zones were not effective oval:org.secpod.oval:def:704917 bind9: Internet Domain Name Server Bind could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:603915 Multiple vulnerabilities were found in the BIND DNS server: CVE-2018-5743 Connection limits were incorrectly enforced. CVE-2018-5745 The managed-keys feature was susceptible to denial of service by triggering an assert. CVE-2019-6465 ACLs for zone transfers were incorrectly enforced for dynamically ... oval:org.secpod.oval:def:602877 Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-3136 Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the "break- ... oval:org.secpod.oval:def:51522 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:605445 A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service , or potentially the execution of arbitrary code. oval:org.secpod.oval:def:69875 A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service , or potentially the execution of arbitrary code. oval:org.secpod.oval:def:605515 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2021-25214 Greg Kuechle discovered that a malformed incoming IXFR transfer could trigger an assertion failure in named, resulting in denial of service. CVE-2021-25215 Siva Kakarla discovered that named could crash when ... oval:org.secpod.oval:def:610361 Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named. oval:org.secpod.oval:def:89395 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:89381 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:89330 Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named. oval:org.secpod.oval:def:88405 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795 Yehuda Afek, Anat Bremler-Barr and Shani Stajnrod discovered that a flaw in the resolver code can cause named to spend excessive amounts of time on processing large delegations, significantly degrade resolver ... oval:org.secpod.oval:def:88489 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:79865 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:610166 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795 Yehuda Afek, Anat Bremler-Barr and Shani Stajnrod discovered that a flaw in the resolver code can cause named to spend excessive amounts of time on processing large delegations, significantly degrade resolver ... oval:org.secpod.oval:def:76000 bind9: Internet Domain Name Server Bind could be made to consume resources if it received specially crafted network traffic. oval:org.secpod.oval:def:79863 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:79858 Two vulnerabilities were found in the BIND DNS server, which could result in denial of service or cache poisoning. oval:org.secpod.oval:def:605663 Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service . oval:org.secpod.oval:def:606183 Two vulnerabilities were found in the BIND DNS server, which could result in denial of service or cache poisoning. oval:org.secpod.oval:def:612676 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2023-3341 A stack exhaustion flaw was discovered in the control channel code which may result in denial of service . CVE-2023-4236 Robert Story discovered that a flaw in the networking code handling DNS-over-TLS querie ... oval:org.secpod.oval:def:708263 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:95213 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2023-3341 A stack exhaustion flaw was discovered in the control channel code which may result in denial of service . CVE-2023-4236 Robert Story discovered that a flaw in the networking code handling DNS-over-TLS querie ... oval:org.secpod.oval:def:91652 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:95161 Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2023-2828 Shoham Danino, Anat Bremler-Barr, Yehuda Afek and Yuval Shavitt discovered that a flaw in the cache-cleaning algorithm used in named can cause that named"s configured cache size limit can be significantly exc ... oval:org.secpod.oval:def:95023 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:98517 Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service. oval:org.secpod.oval:def:708768 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:98708 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:708755 bind9: Internet Domain Name Server Several security issues were fixed in Bind. oval:org.secpod.oval:def:98719 bind9: Internet Domain Name Server Several security issues were fixed in Bind. |
