Isc Bind vulnerabilities

189 known vulnerabilities affecting isc/bind.

Total CVEs

189

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL8HIGH98MEDIUM77LOW6

Vulnerabilities

Page 8 of 10

CVE-2010-0097MEDIUMCVSS 4.3v9.0v9.0.0+38 more2010-01-22

CVE-2010-0097 [MEDIUM] CWE-20 CVE-2010-0097: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7 ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

nvd

CVE-2009-4022LOWCVSS 2.6v9.0v9.0.0+35 more2009-11-25

CVE-2009-4022 [LOW] CVE-2009-4022: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional se

nvd

CVE-2009-0696MEDIUMCVSS 4.3ExploitedPoCv9.4v9.4.0+8 more2009-07-29

CVE-2009-0696 [MEDIUM] CWE-16 CVE-2009-0696: The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1- The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.

nvd

CVE-2009-0265HIGHCVSS 7.5≤ 9.6.02009-01-26

CVE-2009-0265 [HIGH] CVE-2009-0265: Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value fr Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.

nvd

CVE-2009-0025MEDIUMCVSS 6.8v9.0v9.0.0+22 more2009-01-07

CVE-2009-0025 [MEDIUM] CVE-2009-0025: BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenS BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

nvd

CVE-2008-4163HIGHCVSS 7.8v9.3.5v9.4.2+1 more2008-09-22

CVE-2008-4163 [HIGH] CWE-20 CVE-2008-4163: Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows re Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.

nvd

CVE-2008-1447MEDIUMCVSS 6.8PoCv4v8+1 more2008-07-08

CVE-2008-1447 [MEDIUM] CWE-331 CVE-2008-1447: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Mi The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resol

nvd

CVE-2008-0122CRITICALCVSS 10.0≤ 9.4.22008-01-16

CVE-2008-0122 [CRITICAL] CWE-189 CVE-2008-0122: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in l Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

nvd

CVE-2007-2930MEDIUMCVSS 4.3PoC≤ 8.4.72007-09-12

CVE-2007-2930 [MEDIUM] CVE-2007-2930: The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 genera The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

nvd

CVE-2007-2926MEDIUMCVSS 4.3PoCv9.0v9.1+5 more2007-07-24

CVE-2007-2926 [MEDIUM] CVE-2007-2926: ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids wh ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

nvd

CVE-2007-2925MEDIUMCVSS 5.8v9.4.0v9.4.1+1 more2007-07-24

CVE-2007-2925 [MEDIUM] CVE-2007-2925: The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

nvd

CVE-2007-2241HIGHCVSS 7.1v9.4.0v9.5.02007-05-02

CVE-2007-2241 [HIGH] CVE-2007-2241: Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.

nvd

CVE-2007-0493HIGHCVSS 7.8v9.3.0v9.3.1+3 more2007-01-25

CVE-2007-0493 [HIGH] CVE-2007-0493: Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4 Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

nvd

CVE-2007-0494MEDIUMCVSS 4.3v9.0v9.0.0+20 more2007-01-25

CVE-2007-0494 [MEDIUM] CWE-19 CVE-2007-0494: ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9. ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

nvd

CVE-2006-4095HIGHCVSS 7.5≤ 9.2.6≥ 9.3.0, ≤ 9.3.22006-09-06

CVE-2006-4095 [HIGH] CWE-617 CVE-2006-4095: BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

nvd

CVE-2006-4096MEDIUMCVSS 5.0v9.2.0v9.2.1+9 more2006-09-06

CVE-2006-4096 [MEDIUM] CVE-2006-4096: BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.

nvd

CVE-2006-2073MEDIUMCVSS 5.0v9.0v9.0.1+11 more2006-04-27

CVE-2006-2073 [MEDIUM] CVE-2006-2073: Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a cra Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.

nvd

CVE-2006-0987MEDIUMCVSS 5.0v9.3.22006-03-03

CVE-2006-0987 [MEDIUM] CVE-2006-0987: The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, all The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

nvd

CVE-2006-0527HIGHCVSS 7.5v4v82006-02-02

CVE-2006-0527 [HIGH] CWE-264 CVE-2006-0527: BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain pr BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.

nvd

CVE-2005-0034MEDIUMCVSS 4.3v9.3.02005-05-02

CVE-2005-0034 [MEDIUM] CVE-2005-0034: An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enab An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.

nvd

← Previous8 / 10Next →