BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
CVSS Score
5.0
EPSS Score
0.037
Published
2002-11-29
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
CVSS Score
7.8
EPSS Score
0.001
Published
2001-07-21
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.454
Published
2001-02-12
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
CVSS Score
5.0
EPSS Score
0.2
Published
2001-02-12
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
CVSS Score
5.0
EPSS Score
0.158
Published
2000-12-19
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVSS Score
7.5
EPSS Score
0.011
Published
2000-05-03
Buffer overflow in BIND 8.2 via NXT records.
CVSS Score
7.5
EPSS Score
0.015
Published
1999-11-10
Denial of service in BIND by improperly closing TCP sessions via so_linger.
CVSS Score
10.0
EPSS Score
0.011
Published
1999-11-10
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
CVSS Score
5.0
EPSS Score
0.102
Published
1999-11-10
Denial of service in BIND named via maxdname.
CVSS Score
5.0
EPSS Score
0.019
Published
1999-11-10