Информационная безопасность
[RU] switch to English


DoS против named в ISC bind
Опубликовано:10 декабря 2014 г.
Источник:
SecurityVulns ID:14139
Тип:удаленная
Уровень опасности:
7/10
Описание:Отказ при разборе рекурсивных запросов. Отказ при работе с GeoIP.
Затронутые продукты:ISC : bind 9.10
CVE:CVE-2014-8680 (The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.)
 CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.)
Оригинальный текстdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:29.bind (10.12.2014)
Файлы:CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
 CVE-2014-8680: Defects in GeoIP features can cause BIND to crash

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород