Vulnerabilities > ISC > Bind
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-06 | CVE-2006-4095 | Reachable Assertion vulnerability in multiple products BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. | 7.5 |
2006-04-27 | CVE-2006-2073 | Denial Of Service vulnerability in ISC BIND TSIG Zone Transfer Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. | 5.0 |
2006-03-03 | CVE-2006-0987 | Denial-Of-Service vulnerability in ISC Bind 9.3.2 The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. | 5.0 |
2005-05-02 | CVE-2005-0034 | Remote Denial Of Service vulnerability in ISC Bind 9.3.0 An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. network isc | 4.3 |
2005-05-02 | CVE-2005-0033 | Remote Buffer Overflow vulnerability in ISC Bind 8.4.4/8.4.5 Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. | 5.0 |
2003-12-15 | CVE-2003-0914 | ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. | 4.3 |
2002-12-31 | CVE-2002-2213 | Remote Security vulnerability in BIND The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | 5.0 |
2002-12-31 | CVE-2002-2212 | Remote Security vulnerability in BIND The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | 5.0 |
2002-12-31 | CVE-2002-2211 | Remote Security vulnerability in BIND BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | 5.0 |
2002-11-29 | CVE-2002-1221 | Denial Of Service vulnerability in ISC BIND 8 Invalid Expiry Time BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | 5.0 |