Gentoo Linux Security Advisory 201401-34 - Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Versions less than 9.9.4_p2 are affected.
08788290f886b257bb5cf19d5da72a1cebe9c1902c834380c2cebb552a875e12HP Security Bulletin HPSBUX02876 SSRT101148 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
8b167f87f0c9355815506c7eeefa983f0028d1289171609aacb0fef7b45c84a6HP Security Bulletin HPSBUX02876 SSRT101148 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
bae15b6a39dd3cfa802f7792f5a093f226f0845242eea38a7516384dc050d8a6Mandriva Linux Security Advisory 2013-058 - libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. The updated packages have been patched to correct this issue.
e53388a8fbae2beb233f334ba8f496d6db29a7c3a0a59bdc0e70bbfbfc78adc8FreeBSD Security Advisory - A flaw in a library used by BIND allows an attacker to deliberately cause excessive memory consumption by the named(8) process. This affects both recursive and authoritative servers.
1dd487d7a38a6be933444db11b02dd1e2e265a2e5fb5dd7875698187215034f8Debian Linux Security Advisory 2656-1 - Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash.
f2dcd89039a695f90e98b0038b67fc5cae9bfa2e5c3193cbdead19922ea0aa61Ubuntu Security Notice 1783-1 - Matthew Horsfall discovered that Bind incorrectly handled regular expression checking. A remote attacker could use this flaw to cause Bind to consume an excessive amount of memory, possibly resulting in a denial of service. This issue was corrected by disabling RDATA regular expression syntax checking.
c24a1c3ac68073c644db15400ac8f6c99c9ab1b5641d5bb91173cedfe9b52f68Red Hat Security Advisory 2013-0689-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.
49ec82c31e09a661de8b7df652d8eee53683f7471acff85a36ad89701d30651fRed Hat Security Advisory 2013-0690-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash. Note: This update disables the syntax checking of NAPTR resource records.
8e2fbfef90b9c05004aec10b390bae90ea7731c20f0d59269617c5d40e2c0b39Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2266.
a993d939b799c47a47bff241e1f49b6b00f251765344dc7c88ca3e0f7c959802A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.
7cda4cd2685e259b72b8a7f277f48a6fa21ea4dcfa18ce25de752b2336680f23Slackware Security Advisory - New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2266.
863cc58feb36ee13f39bbaf2e6dfc10aac80a162251030487d679e1f6fefcbf3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed