Download
| Alert*
|
CVE-1999-0009
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. CVE-1999-0849 Denial of service in BIND named via maxdname. CVE-1999-0024 DNS cache poisoning via BIND, by predictable query IDs. CVE-1999-1499 named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. CVE-2000-1029 Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. CVE-2002-1221 BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. CVE-2009-0025 BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. CVE-2018-5741 To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update ... CVE-2009-0265 Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE ... |
