This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Isc First view 1997-07-01
Product Bind Last view 2020-06-17
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:* 62
cpe:2.3:a:isc:bind:9.3.2:*:*:*:*:*:*:* 60
cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:* 59
cpe:2.3:a:isc:bind:9.3.1:*:*:*:*:*:*:* 59
cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:* 59
cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:* 59
cpe:2.3:a:isc:bind:9.3.0:*:*:*:*:*:*:* 59
cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:* 58
cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:* 57
cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:* 57
cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:* 57
cpe:2.3:a:isc:bind:9.7.1:*:*:*:*:*:*:* 56
cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:* 56
cpe:2.3:a:isc:bind:9.7.2:*:*:*:*:*:*:* 56
cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:* 56
cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:* 56
cpe:2.3:a:isc:bind:9.7.0:*:*:*:*:*:*:* 56
cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:* 55
cpe:2.3:a:isc:bind:9.7.1:p1:*:*:*:*:*:* 55
cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:* 55
cpe:2.3:a:isc:bind:9.7.2:p1:*:*:*:*:*:* 55
cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:* 55
cpe:2.3:a:isc:bind:9.7.0:b1:*:*:*:*:*:* 55
cpe:2.3:a:isc:bind:9.8.0:*:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.7.0:p1:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.7.1:rc1:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.7.0:rc2:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.7.0:rc1:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.3.3:*:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.7.1:p2:*:*:*:*:*:* 54
cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:* 53
cpe:2.3:a:isc:bind:9.7.2:rc1:*:*:*:*:*:* 53
cpe:2.3:a:isc:bind:9.7.2:p3:*:*:*:*:*:* 53
cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:* 53

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.9 2020-06-17 CVE-2020-8619

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.

4.9 2020-06-17 CVE-2020-8618

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

7.5 2020-05-19 CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

8.6 2020-05-19 CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

7.5 2019-11-26 CVE-2019-6477

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

5.9 2019-11-05 CVE-2013-5661

Cache Poisoning issue exists in DNS Response Rate Limiting.

7.5 2019-11-01 CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.

7.5 2019-10-30 CVE-2018-5742

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.

7.5 2019-10-17 CVE-2019-6476

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

7.5 2019-10-17 CVE-2019-6475

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker's choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

5.9 2019-10-09 CVE-2019-6471

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

7.5 2019-10-09 CVE-2019-6469

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

7.5 2019-10-09 CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

7.5 2019-10-09 CVE-2019-6467

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

5.3 2019-10-09 CVE-2019-6465

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.

4.9 2019-10-09 CVE-2018-5745

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

7.5 2019-10-09 CVE-2018-5744

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.

7.5 2019-10-09 CVE-2018-5743

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

7.5 2019-04-09 CVE-2017-3139

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

6.5 2019-01-16 CVE-2018-5741

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.

7.5 2019-01-16 CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

7.5 2019-01-16 CVE-2018-5738

Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.

7.5 2019-01-16 CVE-2018-5737

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

5.3 2019-01-16 CVE-2018-5736

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

7.5 2019-01-16 CVE-2018-5734

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
34% (30) CWE-20 Improper Input Validation
16% (14) CWE-617 Reachable Assertion
5% (5) CWE-264 Permissions, Privileges, and Access Controls
4% (4) CWE-399 Resource Management Errors
4% (4) CWE-189 Numeric Errors
4% (4) CWE-19 Data Handling
3% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (3) CWE-362 Race Condition
2% (2) CWE-287 Improper Authentication
2% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
1% (1) CWE-772 Missing Release of Resource after Effective Lifetime
1% (1) CWE-770 Allocation of Resources Without Limits or Throttling
1% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (1) CWE-476 NULL Pointer Dereference
1% (1) CWE-428 Unquoted Search Path or Element
1% (1) CWE-416 Use After Free
1% (1) CWE-404 Improper Resource Shutdown or Release
1% (1) CWE-388 Error Handling
1% (1) CWE-331 Insufficient Entropy
1% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1% (1) CWE-290 Authentication Bypass by Spoofing
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-254 Security Features
1% (1) CWE-200 Information Exposure
1% (1) CWE-17 Code

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-13 Subverting Environment Variable Values
CAPEC-17 Accessing, Modifying or Executing Executable Files
CAPEC-19 Embedding Scripts within Scripts
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-51 Poison Web Service Registry
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-76 Manipulating Input to File System Calls
CAPEC-77 Manipulating User-Controlled Variables
CAPEC-81 Web Logs Tampering
CAPEC-87 Forceful Browsing
CAPEC-104 Cross Zone Scripting

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:6051 Security vulnerability in the BIND executable
oval:org.mitre.oval:def:5833 Security vulnerability in the BIND executable
oval:org.mitre.oval:def:5966 Security vulnerability in the BIND executable
oval:org.mitre.oval:def:4190 Buffer Overflow in DNS Resolver Library
oval:org.mitre.oval:def:2539 BIND SIG Resource Records Buffer Overflow
oval:org.mitre.oval:def:449 Bind OPT Resource Record DoS Vulnerability
oval:org.mitre.oval:def:2094 BIND DoS via SIG RR Elements
oval:org.mitre.oval:def:2011 ISC BIND Cache Poison Denial Of Service
oval:org.mitre.oval:def:25774 Vulnerability in AIX bind
oval:org.mitre.oval:def:9623 BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cau...
oval:org.mitre.oval:def:11523 ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9....
oval:org.mitre.oval:def:21786 ELSA-2007:0057: bind security update (Moderate)
oval:org.mitre.oval:def:9614 Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4...
oval:org.mitre.oval:def:2226 Security Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning Attack
oval:org.mitre.oval:def:20473 DSA-1341-2 bind9 - DNS cache poisoning vulnerability
oval:org.mitre.oval:def:10293 ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generat...
oval:org.mitre.oval:def:21703 ELSA-2007:0740: bind security update (Moderate)
oval:org.mitre.oval:def:2154 Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack
oval:org.mitre.oval:def:10190 Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 an...
oval:org.mitre.oval:def:22620 ELSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)
oval:org.mitre.oval:def:9627 The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P...
oval:org.mitre.oval:def:8092 DSA-1603 bind9 -- DNS cache poisoning
oval:org.mitre.oval:def:7660 DSA-1617 refpolicy -- incompatible policy
oval:org.mitre.oval:def:7531 DSA-1623 dnsmasq -- DNS cache poisoning
oval:org.mitre.oval:def:5917 Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77159 ISC BIND Recursive Query Parsing Remote DoS
73605 ISC BIND UPDATE Request Parsing Remote DoS
73604 ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS
72540 ISC BIND Caching Resolver Large RRSIG RRsets Negative Caching Remote DoS
72539 ISC BIND Authoritative Server Crafted IXFR / DDNS Query Update Deadlock DoS
72172 ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS
69568 ISC BIND named allow-query ACL Restriction Bypass
69559 ISC BIND named Key Algorithm Rollover Weakness
69558 ISC BIND named RRSIG Negative Caching DoS
68271 ISC BIND DNSSEC Query Validation Response Signature Handling Remote DoS
68270 ISC BIND ACL Application Weakness Cache Recursion Access Restriction Bypass
66395 ISC BIND RRSIG Requests Infinite Loop DoS
62008 ISC BIND Secure Response Refetch Weakness Unspecified Issue
62007 ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning
61853 ISC BIND DNSSEC Validation Crafted NXDOMAIN Request Cache Poisoning
60493 ISC BIND DNSSEC Recursive Query Additional Section Cache Poisoning
59272 ISC BIND named Multiple Symlink Arbitrary File Overwrite
57060 ISC BIND DNS Message Malformed TSIG Remote DoS
56584 ISC BIND Dynamic Update Message Handling Remote DoS
53917 HP Multiple Products DNS Query ID Field Prediction Cache Poisoning
53530 Check Point DNS Query ID Field Prediction Cache Poisoning
53299 GNU DNS Resolver Library (glibc) Multiple DNS Resolver Functions Remote Overflow
53298 BSD DNS Resolver Library (libc) Multiple DNS Resolver Functions Remote Overflow
53115 ISC BIND EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Wea...
51368 OpenSSL DSA_verify Function SSL/TLS Signature Validation Weakness

ExploitDB Exploits

id Description
6130 BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
6123 BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
6122 BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-31 Name : Fedora Update for bind FEDORA-2012-19822
File : nvt/gb_fedora_2012_19822_bind_fc16.nasl
2012-12-14 Name : Fedora Update for bind FEDORA-2012-19830
File : nvt/gb_fedora_2012_19830_bind_fc17.nasl
2012-12-13 Name : SuSE Update for bind openSUSE-SU-2012:0722-1 (bind)
File : nvt/gb_suse_2012_0722_1.nasl
2012-12-13 Name : SuSE Update for bind openSUSE-SU-2012:1192-1 (bind)
File : nvt/gb_suse_2012_1192_1.nasl
2012-12-13 Name : SuSE Update for bind openSUSE-SU-2012:1372-1 (bind)
File : nvt/gb_suse_2012_1372_1.nasl
2012-12-10 Name : CentOS Update for bind CESA-2012:1549 centos6
File : nvt/gb_CESA-2012_1549_bind_centos6.nasl
2012-12-10 Name : RedHat Update for bind RHSA-2012:1549-01
File : nvt/gb_RHSA-2012_1549-01_bind.nasl
2012-12-10 Name : Ubuntu Update for bind9 USN-1657-1
File : nvt/gb_ubuntu_USN_1657_1.nasl
2012-12-06 Name : Mandriva Update for bind MDVSA-2012:177 (bind)
File : nvt/gb_mandriva_MDVSA_2012_177.nasl
2012-11-16 Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
File : nvt/gb_VMSA-2012-0016.nasl
2012-10-29 Name : Debian Security Advisory DSA 2560-1 (bind9)
File : nvt/deb_2560_1.nasl
2012-10-23 Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_bind-dyndb-ldap_fc17.nasl
2012-10-23 Name : Fedora Update for bind FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_bind_fc17.nasl
2012-10-23 Name : Fedora Update for dhcp FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_dhcp_fc17.nasl
2012-10-23 Name : Fedora Update for dnsperf FEDORA-2012-15965
File : nvt/gb_fedora_2012_15965_dnsperf_fc17.nasl
2012-10-23 Name : Fedora Update for bind-dyndb-ldap FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_bind-dyndb-ldap_fc16.nasl
2012-10-23 Name : Fedora Update for bind FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_bind_fc16.nasl
2012-10-23 Name : Fedora Update for dhcp FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_dhcp_fc16.nasl
2012-10-23 Name : Fedora Update for dnsperf FEDORA-2012-15981
File : nvt/gb_fedora_2012_15981_dnsperf_fc16.nasl
2012-10-16 Name : CentOS Update for bind CESA-2012:1363 centos5
File : nvt/gb_CESA-2012_1363_bind_centos5.nasl
2012-10-16 Name : CentOS Update for bind CESA-2012:1363 centos6
File : nvt/gb_CESA-2012_1363_bind_centos6.nasl
2012-10-16 Name : CentOS Update for bind97 CESA-2012:1364 centos5
File : nvt/gb_CESA-2012_1364_bind97_centos5.nasl
2012-10-16 Name : RedHat Update for bind RHSA-2012:1363-01
File : nvt/gb_RHSA-2012_1363-01_bind.nasl
2012-10-16 Name : RedHat Update for bind97 RHSA-2012:1364-01
File : nvt/gb_RHSA-2012_1364-01_bind97.nasl
2012-10-13 Name : FreeBSD Ports: bind99
File : nvt/freebsd_bind992.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0208 Multiple Vulnerabilities in ISC BIND
Severity: Category I - VMSKEY: V0061377
2015-B-0099 McAfee Firewall Enterprise Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0061291
2014-A-0086 Multiple Vulnerabilities in ISC BIND
Severity: Category I - VMSKEY: V0052635
2013-A-0212 ISC BIND Security Bypass Vulnerability
Severity: Category I - VMSKEY: V0042297
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-A-0151 ISC BIND 9 Remote Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0039823
2013-A-0031 Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0036787
2012-A-0189 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0035032
2011-A-0066 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0027158
2008-A-0045 DNS Protocol Cache Poisoning Vulnerability
Severity: Category I - VMSKEY: V0016170

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52344 - Type : SERVER-OTHER - Revision : 1
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52343 - Type : SERVER-OTHER - Revision : 1
2019-12-05 ISC BIND DHCP client DNAME resource record parsing denial of service attempt
RuleID : 52078 - Type : SERVER-OTHER - Revision : 1
2019-09-24 ISC BIND multiple ENDS Key Tag options denial of service attempt
RuleID : 51144 - Type : SERVER-OTHER - Revision : 1
2019-09-24 ISC Bind libdns EDNS option handling denial of service attempt
RuleID : 51126 - Type : SERVER-OTHER - Revision : 1
2018-03-27 ISC BIND malformed data channel authentication message denial of service attempt
RuleID : 45738 - Type : SERVER-OTHER - Revision : 1
2017-12-19 ISC BIND 9 DNS rdata length handling remote denial of service attempt
RuleID : 44879 - Type : SERVER-OTHER - Revision : 1
2017-09-06 ISC BIND malformed control channel authentication message denial of service a...
RuleID : 43846 - Type : SERVER-OTHER - Revision : 2
2017-06-06 ISC BIND unexpected DNAME CNAME ordering denial of service attempt
RuleID : 42458 - Type : PROTOCOL-DNS - Revision : 2
2016-11-30 ISC BIND 9 DNS query overly long name denial of service attempt
RuleID : 40579 - Type : SERVER-OTHER - Revision : 2
2016-11-08 ISC BIND DNS duplicate cookie denial of service attempt
RuleID : 40362 - Type : PROTOCOL-DNS - Revision : 1
2016-11-08 ISC BIND isc__buffer_add assertion failure denial of service attempt
RuleID : 40344 - Type : PROTOCOL-DNS - Revision : 2
2016-05-27 ISC BIND malformed control channel authentication message denial of service a...
RuleID : 38622 - Type : SERVER-OTHER - Revision : 4
2016-04-21 ISC BIND totext_in_apl denial of service attempt
RuleID : 38284 - Type : PROTOCOL-DNS - Revision : 1
2016-04-21 ISC BIND totext_in_apl denial of service attempt
RuleID : 38283 - Type : PROTOCOL-DNS - Revision : 1
2016-04-21 ISC BIND totext_in_apl denial of service attempt
RuleID : 38282 - Type : PROTOCOL-DNS - Revision : 1
2016-04-21 ISC BIND totext_in_apl denial of service attempt
RuleID : 38281 - Type : PROTOCOL-DNS - Revision : 1
2016-03-14 ISC BIND zero length OPENPGPKEY rdata response attempt
RuleID : 36130 - Type : PROTOCOL-DNS - Revision : 4
2015-10-20 ISC BIND DNSSEC response unsupported cryptographic algorithm attempt
RuleID : 36056 - Type : PROTOCOL-DNS - Revision : 2
2015-10-20 ISC BIND DNSSEC response unsupported DNSKEY cryptographic algorithm attempt
RuleID : 36055 - Type : PROTOCOL-DNS - Revision : 3
2015-09-03 ISC BIND TKEY query processing denial of service attempt
RuleID : 35943 - Type : PROTOCOL-DNS - Revision : 2
2015-09-03 ISC BIND TKEY query processing denial of service attempt
RuleID : 35942 - Type : PROTOCOL-DNS - Revision : 2
2015-09-03 ISC BIND TKEY Query denial of service attempt
RuleID : 35425 - Type : SERVER-OTHER - Revision : 3
2015-09-03 ISC BIND TKEY Query denial of service attempt
RuleID : 35424 - Type : SERVER-OTHER - Revision : 3
2015-03-31 ISC BIND recursive resolver resource consumption denial of service attempt
RuleID : 33583 - Type : PROTOCOL-DNS - Revision : 8

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5417ca3713.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a54e46032f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bfec61fb2f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f22b937f52.nasl - Type: ACT_GATHER_INFO
2018-11-28 Name: The remote name server is affected by a policy bypass which enables an unauth...
File: bind9_CVE-2018-5741.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1679.nasl - Type: ACT_GATHER_INFO
2018-11-05 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL98528405.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL08613310.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1328.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1343.nasl - Type: ACT_GATHER_INFO
2018-10-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-54d84b0b0c.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1281.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1282.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1082.nasl - Type: ACT_GATHER_INFO
2018-09-20 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1082.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1485.nasl - Type: ACT_GATHER_INFO
2018-08-29 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2570.nasl - Type: ACT_GATHER_INFO
2018-08-29 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2571.nasl - Type: ACT_GATHER_INFO
2018-08-23 Name: The remote Fedora host is missing a security update.
File: fedora_2018-90f8fbd58e.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote name server is affected by a denial of service vulnerability.
File: bind9_9122_p1.nasl - Type: ACT_GATHER_INFO
2018-08-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-222-01.nasl - Type: ACT_GATHER_INFO
2018-08-02 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-c0f12f789e.nasl - Type: ACT_GATHER_INFO
2018-07-12 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-192-01.nasl - Type: ACT_GATHER_INFO