exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-1349

Status Candidate

Overview

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

Related Files

Gentoo Linux Security Advisory 201510-01
Posted Oct 18, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-1 - A vulnerability in BIND could lead to a Denial of Service condition. Versions less than 9.10.2_p4 are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2015-1349, CVE-2015-4620, CVE-2015-5477, CVE-2015-5722, CVE-2015-5986
SHA-256 | 3e69b06ce087bc759fa9828ea0b0cf459d7968e9aa04df031352b20c2a562035
Apple Security Advisory 2015-09-16-4
Posted Sep 19, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-4 - OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-5704, CVE-2014-0067, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2014-8161, CVE-2014-8500, CVE-2015-0228, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244, CVE-2015-0253, CVE-2015-1349, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167, CVE-2015-3183, CVE-2015-3185, CVE-2015-5911
SHA-256 | 8254c8d55f2667e65687c75dc0e4ebbbd127b907729adba11b4a141d12fc30b2
HP Security Bulletin HPSBUX03379 SSRT101976 1
Posted Jul 20, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03379 SSRT101976 1 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2015-1349, CVE-2015-4620
SHA-256 | b21fc27083754ab1ae7b8c59ee2c783014b0ec6f8ca5590eded500f0f1ff2e29
Slackware Security Advisory - bind Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3214, CVE-2014-8500, CVE-2014-8680, CVE-2015-1349
SHA-256 | 6226887b79182f2879fc61785788eeaa7e5a8629c7a587dcfebb9b97fe79d104
Mandriva Linux Security Advisory 2015-165
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-165 - By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-8500, CVE-2015-1349
SHA-256 | 1b590fc51333510284a3f960ee5db24e4033e0c82e4a366baec311dff230159a
Red Hat Security Advisory 2015-0672-01
Posted Mar 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0672-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon to crash under certain conditions.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-1349
SHA-256 | 54ce3fff2cfdb06fe60b9b071696bd0b93e9175b023fa5c0d8d260d7f5a96ed7
Mandriva Linux Security Advisory 2015-054
Posted Mar 4, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-054 - Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker.

tags | advisory
systems | linux, mandriva
advisories | CVE-2015-1349
SHA-256 | a34207981a886a158577856e030851948b7a3f3e331735b3a69d0f3f55895e6f
FreeBSD Security Advisory - BIND Denial Of Service
Posted Feb 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - BIND servers which are configured to perform DNSSEC validation and which are using managed keys (which occurs implicitly when using "dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit unpredictable behavior due to the use of an improperly initialized variable. A remote attacker can trigger a crash of a name server that is configured to use managed keys under specific and limited circumstances. However, the complexity of the attack is very high unless the attacker has a specific network relationship to the BIND server which is targeted.

tags | advisory, remote
systems | freebsd
advisories | CVE-2015-1349
SHA-256 | 0e416654c22a1367cdad06ceb1a67ec74bb5ad43931cfbbd4d5e066547480619
Debian Security Advisory 3162-1
Posted Feb 19, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3162-1 - Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".

tags | advisory
systems | linux, debian
advisories | CVE-2015-1349
SHA-256 | 712f536a8bf23bc5f8d33db7a0de53d43e7ac7b83f25eb9aa8ff4b95164b1dd5
Ubuntu Security Notice USN-2503-1
Posted Feb 18, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2503-1 - Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-1349
SHA-256 | 896f3f1ebb14472afcabb7f719bd450e53bbba558630a1cb3030afc8ce469de1
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close