This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Isc First view 2015-07-29
Product Bind Last view 2022-09-21
Version 9.8.2 Type Application
Update b2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:isc:bind

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2022-09-21 CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5 2022-09-21 CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5 2022-09-21 CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash.

7.5 2022-09-21 CVE-2022-2906

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

8.2 2022-09-21 CVE-2022-2881

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

7.5 2022-09-21 CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

7.5 2022-05-19 CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

5.3 2022-03-23 CVE-2022-0396

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

6.8 2022-03-23 CVE-2021-25220

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

5.3 2021-10-27 CVE-2021-25219

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

9.8 2021-04-29 CVE-2021-25216

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.

7.5 2021-04-29 CVE-2021-25215

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

6.5 2021-04-29 CVE-2021-25214

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

8.1 2021-02-17 CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch

4.3 2020-08-21 CVE-2020-8624

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

7.5 2020-08-21 CVE-2020-8623

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker

6.5 2020-08-21 CVE-2020-8622

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

7.5 2020-08-21 CVE-2020-8621

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

7.5 2020-08-21 CVE-2020-8620

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

4.9 2020-06-17 CVE-2020-8619

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.

4.9 2020-06-17 CVE-2020-8618

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

5.9 2020-05-19 CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

8.6 2020-05-19 CVE-2020-8616

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

7.5 2019-11-26 CVE-2019-6477

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

5.9 2019-11-05 CVE-2013-5661

Cache Poisoning issue exists in DNS Response Rate Limiting.

CWE : Common Weakness Enumeration

%idName
33% (16) CWE-617 Reachable Assertion
14% (7) CWE-20 Improper Input Validation
8% (4) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (2) CWE-404 Improper Resource Shutdown or Release
4% (2) CWE-347 Improper Verification of Cryptographic Signature
4% (2) CWE-125 Out-of-bounds Read
2% (1) CWE-772 Missing Release of Resource after Effective Lifetime
2% (1) CWE-770 Allocation of Resources Without Limits or Throttling
2% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
2% (1) CWE-428 Unquoted Search Path or Element
2% (1) CWE-416 Use After Free
2% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
2% (1) CWE-362 Race Condition
2% (1) CWE-345 Insufficient Verification of Data Authenticity
2% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
2% (1) CWE-290 Authentication Bypass by Spoofing
2% (1) CWE-269 Improper Privilege Management
2% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
2% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
2% (1) CWE-19 Data Handling

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0208 Multiple Vulnerabilities in ISC BIND
Severity: Category I - VMSKEY: V0061377
2015-B-0099 McAfee Firewall Enterprise Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0061291

Snort® IPS/IDS

Date Description
2020-09-02 BIND DNS server TSIG denial of service attempt
RuleID : 54630 - Type : PROTOCOL-DNS - Revision : 1
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52344 - Type : SERVER-OTHER - Revision : 1
2020-01-03 ISC BIND deny-answer-aliases denial of service attempt
RuleID : 52343 - Type : SERVER-OTHER - Revision : 1
2019-12-05 ISC BIND DHCP client DNAME resource record parsing denial of service attempt
RuleID : 52078 - Type : SERVER-OTHER - Revision : 1
2019-09-24 ISC BIND multiple ENDS Key Tag options denial of service attempt
RuleID : 51144 - Type : SERVER-OTHER - Revision : 1
2016-11-08 ISC BIND isc__buffer_add assertion failure denial of service attempt
RuleID : 40344 - Type : PROTOCOL-DNS - Revision : 2
2016-03-14 ISC BIND zero length OPENPGPKEY rdata response attempt
RuleID : 36130 - Type : PROTOCOL-DNS - Revision : 4
2015-10-20 ISC BIND DNSSEC response unsupported cryptographic algorithm attempt
RuleID : 36056 - Type : PROTOCOL-DNS - Revision : 2
2015-10-20 ISC BIND DNSSEC response unsupported DNSKEY cryptographic algorithm attempt
RuleID : 36055 - Type : PROTOCOL-DNS - Revision : 3
2015-09-03 ISC BIND TKEY query processing denial of service attempt
RuleID : 35943 - Type : PROTOCOL-DNS - Revision : 3
2015-09-03 ISC BIND TKEY query processing denial of service attempt
RuleID : 35942 - Type : PROTOCOL-DNS - Revision : 3
2015-09-03 ISC BIND TKEY Query denial of service attempt
RuleID : 35425 - Type : SERVER-OTHER - Revision : 3
2015-09-03 ISC BIND TKEY Query denial of service attempt
RuleID : 35424 - Type : SERVER-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5417ca3713.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a54e46032f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f22b937f52.nasl - Type: ACT_GATHER_INFO
2018-11-28 Name: The remote name server is affected by a policy bypass which enables an unauth...
File: bind9_CVE-2018-5741.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1679.nasl - Type: ACT_GATHER_INFO
2018-11-05 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL98528405.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL08613310.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1328.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1343.nasl - Type: ACT_GATHER_INFO
2018-10-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-54d84b0b0c.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1281.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1282.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1082.nasl - Type: ACT_GATHER_INFO
2018-09-20 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1082.nasl - Type: ACT_GATHER_INFO
2018-08-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1485.nasl - Type: ACT_GATHER_INFO
2018-08-29 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2570.nasl - Type: ACT_GATHER_INFO
2018-08-29 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2571.nasl - Type: ACT_GATHER_INFO
2018-08-23 Name: The remote Fedora host is missing a security update.
File: fedora_2018-90f8fbd58e.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO
2018-08-16 Name: The remote name server is affected by a denial of service vulnerability.
File: bind9_9122_p1.nasl - Type: ACT_GATHER_INFO
2018-08-13 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-222-01.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-954.nasl - Type: ACT_GATHER_INFO
2018-02-22 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-954.nasl - Type: ACT_GATHER_INFO
2018-02-13 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1037.nasl - Type: ACT_GATHER_INFO