Vulnerabilities > ISC > Bind > 4.9.9

DATE CVE VULNERABILITY TITLE RISK
2019-01-16 CVE-2018-5741 Incorrect Authorization vulnerability in ISC Bind
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy.
network
low complexity
isc CWE-863
4.0
2009-01-26 CVE-2009-0265 Unchecked Return Value vulnerability in ISC Bind
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
network
low complexity
isc CWE-252
7.5
2008-01-16 CVE-2008-0122 Numeric Errors vulnerability in ISC Bind
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
network
low complexity
isc freebsd CWE-189
critical
10.0
2007-09-12 CVE-2007-2930 Remote Cache Poisoning vulnerability in ISC BIND 8
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors.
network
isc
4.3
2006-09-06 CVE-2006-4095 Reachable Assertion vulnerability in multiple products
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
network
low complexity
isc canonical apple CWE-617
7.5
2002-12-31 CVE-2002-2213 Remote Security vulnerability in BIND
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
network
low complexity
infoblox isc
5.0
2002-12-31 CVE-2002-2212 Remote Security vulnerability in BIND
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
network
low complexity
isc fujitsu
5.0
2002-12-31 CVE-2002-2211 Remote Security vulnerability in BIND
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
network
low complexity
isc
5.0
2002-11-29 CVE-2002-1219 Buffer Overflow vulnerability in ISC BIND SIG Cached Resource Record
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
network
low complexity
isc freebsd openbsd
7.5
2002-11-29 CVE-2002-0029 Buffer Overflow vulnerability in ISC BIND DNS Resolver
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
network
low complexity
isc astaro
7.5