cvebase

Debian Bind9 vulnerabilities

166 known vulnerabilities affecting debian/bind9.

Total CVEs: 166
CISA KEV: 0
Public exploits: 9
Exploited in wild: 2
Severity breakdown: HIGH 73, MEDIUM 35, LOW 58

Vulnerabilities

Page 6 of 9
CVE-2016-1284 | LOW | CVSS 5.9 | 2016
[MEDIUM] bind9: rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2015-5722 | HIGH | CVSS 7.8 | fixed in bind9 1:9.9.5.dfsg-12 (bookworm) | 2015
[HIGH] bind9: buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
Scope: local; bookworm: resolved (fixed in 1:9.9.5.dfsg-12); bullseye: resolved (fixed in 1:9.9.5.dfsg-12); fo
debian
CVE-2015-5477 | HIGH | CVSS 7.8 | PoC | fixed in bind9 1:9.9.5.dfsg-11 (bookworm) | 2015
[HIGH] bind9: named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Scope: local; bookworm: resolved (fixed in 1:9.9.5.dfsg-11); bullseye: resolved (fixed in 1:9.9.5.dfsg-11); forky: resolved (fixed in 1:9.9.5.dfsg-11); sid: resolved (fixed in 1:9.9.5.dfsg-11); tr
debian
CVE-2015-4620 | HIGH | CVSS 7.8 | fixed in bind9 1:9.9.5.dfsg-10 (bookworm) | 2015
[HIGH] bind9: name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
Scope: local; bookworm: resolved (fi
debian
CVE-2015-8000 | MEDIUM | CVSS 5.0 | fixed in bind9 1:9.9.5.dfsg-12.1 (bookworm) | 2015
[MEDIUM] bind9: db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
Scope: local; bookworm: resolved (fixed in 1:9.9.5.dfsg-12.1); bullseye: resolved (fixed in 1:9.9.5.dfsg-12.1); forky: resolved (fixed in 1:9.9.5.dfsg-12.1); sid: resolve
debian
CVE-2015-8704 | MEDIUM | CVSS 6.5 | fixed in bind9 1:9.10.3.dfsg.P4-6 (bookworm) | 2015
[MEDIUM] bind9: apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
Scope: local; bookworm: resolved (fixed in 1:9.10.3.dfsg.P4-6); bullseye: resolved (fixed in 1:9.10.3.dfsg.P4-6); forky: resolved (fixed in
debian
CVE-2015-5986 | LOW | CVSS 7.1 | 2015
[HIGH] bind9: openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2015-8461 | LOW | CVSS 7.1 | 2015
[HIGH] bind9: Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2015-1349 | LOW | CVSS 5.4 | fixed in bind9 1:9.9.5.dfsg-9 (bookworm) | 2015
[MEDIUM] bind9: named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
Scope: local; bookworm:
debian
CVE-2015-8705 | LOW | CVSS 7.0 | 2015
[HIGH] bind9: buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: re
debian
CVE-2014-8500 | HIGH | CVSS 7.8 | fixed in bind9 1:9.9.5.dfsg-7 (bookworm) | 2014
[HIGH] bind9: ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
Scope: local; bookworm: resolved (fixed in 1:9.9.5.dfsg-7); bullseye: resolved (fixed in 1:9.9.5.dfsg-7); forky: resolved
debian
CVE-2014-0591 | LOW | CVSS 2.6 | fixed in bind9 1:9.9.5.dfsg-2 (bookworm) | 2014
[LOW] bind9: The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
Scope: local; bookworm:
debian
CVE-2014-8680 | LOW | CVSS 5.4 | 2014
[MEDIUM] bind9: The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2014-3859 | LOW | CVSS 5.0 | 2014
[MEDIUM] bind9: libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2014-3214 | LOW | CVSS 5.0 | 2014
[MEDIUM] bind9: The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2013-2266 | HIGH | CVSS 7.8 | fixed in bind9 1:9.8.4.dfsg.P1-6+nmu1 (bookworm) | 2013
[HIGH] bind9: libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Scope: local; bookworm: resolved (fi
debian
CVE-2013-4854 | HIGH | CVSS 7.8 | Exploited | fixed in bind9 1:9.8.4.dfsg.P1-6+nmu3 (bookworm) | 2013
[HIGH] bind9: The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during constructi
debian
CVE-2013-3919 | LOW | CVSS 7.8 | 2013
[HIGH] bind9: resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; tri
debian
CVE-2013-6230 | LOW | CVSS 6.8 | 2013
[MEDIUM] bind9: The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging m
debian
CVE-2012-4244 | HIGH | CVSS 7.8 | fixed in bind9 1:9.8.4.dfsg-1 (bookworm) | 2012
[HIGH] bind9: ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Scope: local; bookworm: resolved (fixed in 1:9.8.4.dfsg-1); bullseye: resolved (fixed in 1:9.8.4.dfsg-1); forky: resolv
debian