rpm package
suse/bind&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8625 | — | < 9.9.9P1-63.20.1 | 9.9.9P1-63.20.1 | Feb 17, 2021 | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid valu | ||
| CVE-2020-8617 | — | < 9.9.9P1-63.17.1 | 9.9.9P1-63.17.1 | May 19, 2020 | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whos | ||
| CVE-2020-8616 | — | < 9.9.9P1-63.17.1 | 9.9.9P1-63.17.1 | May 19, 2020 | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to proce | ||
| CVE-2018-5741 | — | < 9.9.9P1-63.17.1 | 9.9.9P1-63.17.1 | Jan 16, 2019 | To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when | ||
| CVE-2017-3145 | — | < 9.9.9P1-63.7.1 | 9.9.9P1-63.7.1 | Jan 16, 2019 | BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9. | ||
| CVE-2017-3143 | — | < 9.9.9P1-62.1 | 9.9.9P1-62.1 | Jan 16, 2019 | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9. | ||
| CVE-2017-3142 | — | < 9.9.9P1-62.1 | 9.9.9P1-62.1 | Jan 16, 2019 | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys f | ||
| CVE-2017-3138 | — | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jan 16, 2019 | named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some | ||
| CVE-2017-3137 | — | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jan 16, 2019 | Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order | ||
| CVE-2017-3136 | — | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jan 16, 2019 | A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other p | ||
| CVE-2017-3135 | — | < 9.9.9P1-56.1 | 9.9.9P1-56.1 | Jan 16, 2019 | Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9. | ||
| CVE-2016-9444 | Hig | 7.5 | < 9.9.9P1-53.1 | 9.9.9P1-53.1 | Jan 12, 2017 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | |
| CVE-2016-9147 | Hig | 7.5 | < 9.9.9P1-53.1 | 9.9.9P1-53.1 | Jan 12, 2017 | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | |
| CVE-2016-9131 | Hig | 7.5 | < 9.9.9P1-53.1 | 9.9.9P1-53.1 | Jan 12, 2017 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |
| CVE-2016-8864 | Hig | 7.5 | < 9.9.9P1-49.1 | 9.9.9P1-49.1 | Nov 2, 2016 | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re | |
| CVE-2016-2775 | Med | 5.9 | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jul 19, 2016 | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |
| CVE-2016-6170 | Med | 6.5 | < 9.9.9P1-59.1 | 9.9.9P1-59.1 | Jul 6, 2016 | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a |
- CVE-2020-8625Feb 17, 2021affected < 9.9.9P1-63.20.1fixed 9.9.9P1-63.20.1
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid valu
- CVE-2020-8617May 19, 2020affected < 9.9.9P1-63.17.1fixed 9.9.9P1-63.17.1
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whos
- CVE-2020-8616May 19, 2020affected < 9.9.9P1-63.17.1fixed 9.9.9P1-63.17.1
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to proce
- CVE-2018-5741Jan 16, 2019affected < 9.9.9P1-63.17.1fixed 9.9.9P1-63.17.1
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when
- CVE-2017-3145Jan 16, 2019affected < 9.9.9P1-63.7.1fixed 9.9.9P1-63.7.1
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.
- CVE-2017-3143Jan 16, 2019affected < 9.9.9P1-62.1fixed 9.9.9P1-62.1
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.
- CVE-2017-3142Jan 16, 2019affected < 9.9.9P1-62.1fixed 9.9.9P1-62.1
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys f
- CVE-2017-3138Jan 16, 2019affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some
- CVE-2017-3137Jan 16, 2019affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order
- CVE-2017-3136Jan 16, 2019affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other p
- CVE-2017-3135Jan 16, 2019affected < 9.9.9P1-56.1fixed 9.9.9P1-56.1
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.
- affected < 9.9.9P1-53.1fixed 9.9.9P1-53.1
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
- affected < 9.9.9P1-53.1fixed 9.9.9P1-53.1
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
- affected < 9.9.9P1-53.1fixed 9.9.9P1-53.1
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
- affected < 9.9.9P1-49.1fixed 9.9.9P1-49.1
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and re
- affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
- affected < 9.9.9P1-59.1fixed 9.9.9P1-59.1
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a