Vulnerabilities > ISC > Bind > 4

DATE CVE VULNERABILITY TITLE RISK
2019-01-16 CVE-2018-5741 Incorrect Authorization vulnerability in ISC Bind
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy.
network
low complexity
isc CWE-863
4.0
2009-01-26 CVE-2009-0265 Unchecked Return Value vulnerability in ISC Bind
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
network
low complexity
isc CWE-252
7.5
2008-07-08 CVE-2008-1447 Insufficient Entropy vulnerability in ISC Bind 4/8/9.2.9
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
network
low complexity
canonical cisco debian microsoft redhat isc CWE-331
5.0
2008-01-16 CVE-2008-0122 Numeric Errors vulnerability in ISC Bind
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
network
low complexity
isc freebsd CWE-189
critical
10.0
2007-09-12 CVE-2007-2930 Remote Cache Poisoning vulnerability in ISC BIND 8
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors.
network
isc
4.3
2006-09-06 CVE-2006-4095 Reachable Assertion vulnerability in multiple products
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
network
low complexity
isc canonical apple CWE-617
7.5
2001-07-21 CVE-2001-0497 Incorrect Default Permissions vulnerability in ISC Bind
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
local
low complexity
isc CWE-276
7.8