| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. |
| Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. |
| Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. |
| Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. |
| Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. |
| named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." |
| named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. |
| BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. |
| ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters. |
| Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
| Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. |
| The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. |
| The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. |
| The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable. |
| Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. |
| BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. |
