Computer Security
[EN] securityvulns.ru no-pyccku


ISC bind named DoS
Published:10.12.2014
Source:
SecurityVulns ID:14139
Type:remote
Threat Level:
7/10
Description:Crash on recursive query parsing. Crash on GeoIP handling.
Affected:ISC : bind 9.10
CVE:CVE-2014-8680 (The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.)
 CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:29.bind (10.12.2014)
Files:CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
 CVE-2014-8680: Defects in GeoIP features can cause BIND to crash

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod