HP Security Bulletin HPSBOV03540 1 - Potential security vulnerabilities have been identified with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These vulnerabilities could be exploited remotely resulting in execution of code with the privileges of Bind, disclosure of information, or cause a Denial of Service (DoS). Revision 1 of this advisory.
172ff73cf346da8d896484da1bbb74a962da41e89f917e23789840d3a1898675
EMC VPLEX GeoSynchrony versions 4.0 through 5.2.1 suffer from path traversal, timeout validity, session fixation, and various other vulnerabilities.
865ebcefce882874598ff43ecc2a95087b307183385a9a725bb5ad0baf892e95
Gentoo Linux Security Advisory 201401-34 - Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service. Versions less than 9.9.4_p2 are affected.
08788290f886b257bb5cf19d5da72a1cebe9c1902c834380c2cebb552a875e12
Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND issues, ClamAV issues, and more.
6ba59298aa5785b3b0ac181767509f821759a4fbc0ab6e1b3056eb65c22a59a5
Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.
cd4c4e819b4c3c239ee06046bee62e04089f000fc2faea5c9f5936326037c9c2
FreeBSD Security Advisory - The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA. A remote attacker can query a resolving name server to retrieve a record whose RDATA is known to be larger than 65535 bytes, thereby causing the resolving server to crash via an assertion failure in named. An attacker who is in a position to add a record with RDATA larger than 65535 bytes to an authoritative name server can cause that server to crash by later querying for that record. The attacker can also cause the server to lock up with specific combinations of RDATA.
06e1aee7809f7e8aa741e07c76a29eb43443068d25922ef3f329e9890d2bf998
Debian Linux Security Advisory 2560-1 - It was discovered that BIND, a DNS server, hangs while constructing the additional section of a DNS reply, when certain combinations of resource records are present. This vulnerability affects both recursive and authoritative servers.
a6d9d407c1c80ac0067a82615b8a0b23011b321f4167537910756884e7c70aa6
Red Hat Security Advisory 2012-1364-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.
c7ba0a0b9af7f074ca5ac2de81f2559d838a34c85c046075f80be27dcfeeebd1
Red Hat Security Advisory 2012-1363-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A remote attacker could use this flaw to cause a recursive resolver, or an authoritative server in certain configurations, to lockup. Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.
43253f9beb8d6c62e2d415c4ab7cd742aa2c27c7836d23355645c09a802c42d0
Red Hat Security Advisory 2012-1365-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an assertion failure.
742e2befeceeca5edca4866efb3535e12f6b9a7fbf26889a4973a014fa966a82
Mandriva Linux Security Advisory 2012-162 - A vulnerability was discovered and corrected in bind. A certain combination of records in the RBT could cause named to hang while populating the additional section of a response. The updated packages have been upgraded to bind 9.7.6-P4 and 9.8.3-P4 which is not vulnerable to this issue.
80ffb7f2dbb46dfa6d4b27ae58985642bde45c40a03ee72694f49d54c766442c
Ubuntu Security Notice 1601-1 - Jake Montgomery discovered that Bind incorrectly handled certain specific combinations of RDATA. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
549d588e2d00c7897d8c6de38a16b083c762b0c80ec96781da79d901f2ced913