In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.
Max CVSS
9.8
EPSS Score
26.78%
Published
2021-04-29
Updated
2022-05-03
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
Max CVSS
10.0
EPSS Score
7.61%
Published
2009-07-14
Updated
2017-09-29
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Max CVSS
10.0
EPSS Score
1.54%
Published
2008-01-16
Updated
2019-08-01
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
Max CVSS
10.0
EPSS Score
1.56%
Published
2005-03-01
Updated
2017-07-11
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
Max CVSS
10.0
EPSS Score
2.46%
Published
2004-08-06
Updated
2017-07-11
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
Max CVSS
10.0
EPSS Score
93.49%
Published
2004-08-06
Updated
2017-07-11
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
Max CVSS
10.0
EPSS Score
20.26%
Published
2002-07-26
Updated
2016-10-18
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
Max CVSS
10.0
EPSS Score
0.35%
Published
2002-08-12
Updated
2008-09-05
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
0.89%
Published
2001-02-12
Updated
2008-09-10
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
0.89%
Published
2001-02-12
Updated
2008-09-10
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
Max CVSS
10.0
EPSS Score
18.93%
Published
2001-02-12
Updated
2008-09-10
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
Max CVSS
10.0
EPSS Score
0.94%
Published
2000-12-11
Updated
2017-07-11
ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.
Max CVSS
10.0
EPSS Score
2.27%
Published
2000-06-24
Updated
2018-05-03
Denial of service in BIND by improperly closing TCP sessions via so_linger.
Max CVSS
10.0
EPSS Score
0.81%
Published
1999-11-10
Updated
2018-10-30
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
Max CVSS
10.0
EPSS Score
0.43%
Published
1999-05-11
Updated
2008-09-09
Remote access in AIX innd 1.5.1, using control messages.
Max CVSS
10.0
EPSS Score
1.50%
Published
1997-01-01
Updated
2022-08-17
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
Max CVSS
10.0
EPSS Score
0.83%
Published
1996-12-04
Updated
2022-08-17
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
Max CVSS
10.0
EPSS Score
1.15%
Published
1998-04-08
Updated
2018-10-30
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
Max CVSS
10.0
EPSS Score
9.01%
Published
1998-04-08
Updated
2018-10-30
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!