Vulnerabilities > ISC > Bind

DATE CVE VULNERABILITY TITLE RISK
2016-03-09 CVE-2016-1285 named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. 6.8
2016-02-04 CVE-2016-1284 Improper Input Validation vulnerability in ISC Bind 9.9.8
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
network
high complexity
isc CWE-20
5.9
2016-01-20 CVE-2015-8705 Improper Input Validation vulnerability in ISC Bind
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
network
high complexity
isc CWE-20
7.0
2016-01-20 CVE-2015-8704 Improper Input Validation vulnerability in ISC Bind
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
network
low complexity
isc CWE-20
6.5
2009-01-26 CVE-2009-0265 Unchecked Return Value vulnerability in ISC Bind
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
network
low complexity
isc CWE-252
7.5
2008-07-08 CVE-2008-1447 Insufficient Entropy vulnerability in ISC Bind 4/8/9.2.9
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
network
high complexity
isc CWE-331
6.8
2006-09-06 CVE-2006-4095 Reachable Assertion vulnerability in multiple products
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
network
low complexity
isc canonical apple CWE-617
7.5
2001-07-21 CVE-2001-0497 Incorrect Default Permissions vulnerability in ISC Bind
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
local
low complexity
isc CWE-276
7.8