Vulnerabilities > ISC > Bind > 8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-16 | CVE-2018-5741 | Incorrect Authorization vulnerability in ISC Bind To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. | 4.0 |
2009-01-26 | CVE-2009-0265 | Unchecked Return Value vulnerability in ISC Bind Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. | 7.5 |
2008-01-16 | CVE-2008-0122 | Numeric Errors vulnerability in ISC Bind Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. | 10.0 |
2007-09-12 | CVE-2007-2930 | Remote Cache Poisoning vulnerability in ISC BIND 8 The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. network isc | 4.3 |
2006-09-06 | CVE-2006-4095 | Reachable Assertion vulnerability in multiple products BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. | 7.5 |
2002-11-29 | CVE-2002-1221 | Denial Of Service vulnerability in ISC BIND 8 Invalid Expiry Time BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | 5.0 |
2001-07-21 | CVE-2001-0497 | Incorrect Default Permissions vulnerability in ISC Bind dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | 7.8 |
2000-12-11 | CVE-2000-1029 | Remote Buffer Overflow vulnerability in ISC Bind 8.1 Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. | 10.0 |
1999-11-10 | CVE-1999-0849 | Unspecified vulnerability in ISC Bind Denial of service in BIND named via maxdname. | 5.0 |
1998-04-10 | CVE-1999-1499 | Unspecified vulnerability in ISC Bind 4.9/8.1 named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. | 2.1 |