Debian Bind9 vulnerabilities

CVE-2017-3145 [HIGH] CVE-2017-3145: bind9 - BIND was improperly sequencing cleanup operations on upstream recursion fetch co... BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. Scope: local bookworm: res

CVE-2017-3143 [HIGH] CVE-2017-3143: bind9 - An attacker who is able to send and receive messages to an authoritative DNS ser... An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S

CVE-2017-3136 [MEDIUM] CVE-2017-3136: bind9 - A query with a specific set of characteristics could cause a server using DNS64 ... A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10

CVE-2017-3142 [MEDIUM] CVE-2017-3142: bind9 - An attacker who is able to send and receive messages to an authoritative DNS ser... An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of

CVE-2017-3138 [MEDIUM] CVE-2017-3138: bind9 - named contains a feature which allows operators to issue commands to a running s... named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent

CVE-2017-3140 [LOW] CVE-2017-3140: bind9 - If named is configured to use Response Policy Zones (RPZ) an error processing so... If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-3141 [HIGH] CVE-2017-3141: bind9 - The BIND installer on Windows uses an unquoted service path which can enable a l... The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1. Scope: local bookworm: resolved bullseye: resolved forky: reso

CVE-2017-3139 [HIGH] CVE-2017-3139: bind9 - A denial of service flaw was found in the way BIND handled DNSSEC validation. A ... A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2016-2776 [HIGH] CVE-2016-2776: bind9 - buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.... buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. Scope: local bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-11) bullseye: resolved (fixed in 1:9.10.3.dfsg.P4-11) fo

CVE-2016-2848 [HIGH] CVE-2016-2848: bind9 - ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attacke... ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record. Scope: local bookworm: resolved (fixed in 1:9.9.3.dfsg.P2-1) bullseye: resolved (fixed in 1:9.9.3.dfsg.P2-1) forky: resolved (fixed in 1:9.9.3.dfsg.P2-1) sid: resolved (f

CVE-2016-1286 [HIGH] CVE-2016-1286: bind9 - named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote ... named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. Scope: local bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-6) bullseye: resolved (fixed in 1:9.10.3.dfsg.P4-6) forky: resolved (fixed

CVE-2016-9444 [HIGH] CVE-2016-9444: bind9 - named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x befor... named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. Scope: local bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-11) bullseye: resolved (fixed in 1:9.10.3.dfsg.P4-11) forky: resolved (fixed in 1:9.1

CVE-2016-8864 [HIGH] CVE-2016-8864: bind9 - named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x befor... named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. Scope: local bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-11) bullseye: resolved

CVE-2016-9147 [HIGH] CVE-2016-9147: bind9 - named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote att... named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. Scope: local bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-11) bullseye: resolved (fixed in 1:9.10.3.dfsg.P4-11) forky: resolved (fixed in 1:9.1

CVE-2016-9131 [HIGH] CVE-2016-9131: bind9 - named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x befor... named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. Scope: local bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-11) bullseye: resolved (fixed in 1:9.10.3.dfsg.P4-11) forky: resolved (fixed in 1:9.

CVE-2016-1285 [MEDIUM] CVE-2016-1285: bind9 - named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not prope... named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. Scope: local bookworm: resolved (fi

CVE-2016-2775 [MEDIUM] CVE-2016-2775: bind9 - ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b... ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Scope: local bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-11) bullseye: resolved (fixed in 1:9.10.3.dfsg

CVE-2016-6170 [MEDIUM] CVE-2016-6170: bind9 - ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1... ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (p

CVE-2016-9778 [HIGH] CVE-2016-9778: bind9 - An error in handling certain queries can cause an assertion failure when a serve... An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to a

CVE-2016-2088 [MEDIUM] CVE-2016-2088: bind9 - resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are en... resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved