HP Security Bulletin HPSBOV03540 1 - Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). Revision 1 of this advisory.
172ff73cf346da8d896484da1bbb74a962da41e89f917e23789840d3a1898675Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.
cd4c4e819b4c3c239ee06046bee62e04089f000fc2faea5c9f5936326037c9c2Gentoo Linux Security Advisory 201209-4 - Multiple vulnerabilities have been found in BIND, the worst of which may allow remote Denial of Service. Versions less than 9.9.1_p3 are affected.
bdf2b43595c5f5742954348c143b27365eac089f1b2d2ad5c6263f3b27178b30Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.
40b0db811b217e85fb6806b53d13edb126d8f6537576e1fb80a6d9e6c2266a62HP Security Bulletin HPSBUX02795 SSRT100878 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
d9d9ffe39ca5db8e3c67fdc538e88e4302d4bb94a33df8285d7d0cc0ecd3178aRed Hat Security Advisory 2012-1110-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
bf4b7f97287a52171592309210c2633fc1a28c7720d8f80f2637a9c2ad1314daHP Security Bulletin HPSBUX02795 SSRT100878 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
2bc00a1d4f7b7a8ff1008f02f3b03cffcd18b4c8bbce60774e1e9b0a98a4ca2cSlackware Security Advisory - This release fixes an issue that could crash BIND, leading to a denial of service. It also fixes the so-called "ghost names attack" whereby a remote attacker may trigger continued resolvability of revoked domain names.
a54b3637c35e8d72b4ce0639ba7fb35571f225581e9ef820090c98d7c73749c4FreeBSD Security Advisory - The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information.
38bb62ce0e6626ae58f5bdcb8590d53027dcaccd01d33f928641394b6ad66427Mandriva Linux Security Advisory 2012-089 - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue.
a8217cffac821010635bfa2ad29fda43e42e61d06ec1bb8c1c4909f802aa412cRed Hat Security Advisory 2012-0717-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
76f8f2a481a57a62d41e34bca89aa66fd735798668ceb74046031882209f7cd3Red Hat Security Advisory 2012-0716-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory.
8d17a12c2c5567f83213900f8b6e4c551fe38c24ff08e1187089cf05d7161b90Ubuntu Security Notice 1462-1 - Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked.
fbb84f8a8376f523eed4e2f4816747ef3238b74da3cc1ad2b4f06e1fc32b80b8Debian Linux Security Advisory 2486-1 - It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected.
aaff0d5dfe0a95b4be0cdbb6f1f283c8f68f1de358f21672e99d54fa43fda6f7ISC Security Advisory - The handling of zero length rdata can cause named to terminate unexpectedly.
fc123558f95ccb6b2d994cac429265085c0cb3db3caf42feccbfa83715e336c5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed