The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of DNS protocol

ISC BIND: overload via NXNSAttack On DNS Recursive Resolvers
An attacker can trigger an overload via NXNSAttack On DNS Recursive Resolvers of ISC BIND, in order to trigger a denial of service...
ADV200009, VIGILANCE-VUL-32306
mDNS: information disclosure and DDos
An attacker can query the mDNS service, in order to obtain sensitive information about the network, or to amplify a denial of service attack...
CVE-2015-2809, VIGILANCE-VUL-16510, VU#550620
DNS, Windows 2008 DNS: distributed denial of service via Root Hints
An attacker can use the DNS Service of Windows 2008 (or any other service returning Root Hints), in order to trigger a distributed denial of service...
VIGILANCE-VUL-14318
DNS, ISC BIND: no expiry of revoked names
When a domain name was revoked, an attacker can periodically query a recursive DNS server, in order to continuously renew data in the cache, which never expire...
BID-51898, BID-52558, c03577598, CERTA-2012-AVI-663, CVE-2012-1033, CVE-2012-1191, CVE-2012-1192, CVE-2012-1193, CVE-2012-1194, CVE-2012-1570, ESX410-201211001, ESX410-201211401-SG, ESX410-201211402-SG, ESX410-201211405-SG, ESX410-201211407-SG, FEDORA-2013-1176, FEDORA-2013-1204, FEDORA-2013-1301, FEDORA-2013-6279, FEDORA-2013-6316, openSUSE-SU-2012:0863-1, openSUSE-SU-2012:0864-1, RHSA-2012:0716-01, RHSA-2012:0717-01, SOL15481, SSA:2012-166-01, VIGILANCE-VUL-11344, VMSA-2012-0016, VU#542123
Windows, Java: poisoning the DNS cache
An attacker can open numerous UDP ports, in order to facilitate a DNS cache poisoning attack...
BID-50281, c03266681, CVE-2010-4448, CVE-2011-3552, HPSBUX02760, javacpuoct2011, RHSA-2012:0006-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100805, VIGILANCE-VUL-11087
DNS: cache poisoning
An attacker can predict DNS queries in order to poison the DNS client or cache (caching resolver)...
107064, 239392, 240048, 6702096, 7000912, 953230, BID-30131, c01506861, c01660723, CAU-EX-2008-0002, CAU-EX-2008-0003, CERTA-2002-AVI-189, CERTA-2002-AVI-200, cisco-sa-20080708-dns, CR102424, CR99135, CSCso81854, CVE-2008-1447, draft-ietf-dnsext-forgery-resilience-05, DSA-1544-2, DSA-1603-1, DSA-1604-1, DSA-1605-1, DSA-1617-1, DSA-1619-1, DSA-1619-2, DSA-1623-1, FEDORA-2008-6256, FEDORA-2008-6281, FEDORA-2009-1069, FreeBSD-SA-08:06.bind, HPSBMP02404, HPSBTU02358, HPSBUX02351, MDVSA-2008:139, MS08-037, NetBSD-SA2008-009, powerdns-advisory-2008-01, PSN-2008-06-040, RHSA-2008:0533-01, RHSA-2008:0789-01, SOL8938, SSA:2008-191-02, SSA:2008-205-01, SSRT080058, SSRT090014, SUSE-SA:2008:033, TA08-190B, TLSA-2008-26, VIGILANCE-VUL-7937, VMSA-2008-0014, VMSA-2008-0014.1, VMSA-2008-0014.2, VU#800113
DNS: denial of service via UDP echo services
An attacker can generate a message loop between a DNS server and UDP services such as echo...
VIGILANCE-VUL-5947
DNS: vulnerabilities of some implementations
Several implementations of DNS protocol are affected by the same vulnerabilities...
144154, 144154/NISCC/DNS, 31AK-2006-02-FR-1.0_FAST_DNS_DOS, BID-17691, BID-17692, BID-17693, BID-17694, CQ 72492, CVE-2006-2072, CVE-2006-2073, CVE-2006-2074, CVE-2006-2075, CVE-2006-7054, PSN-2006-04-017, VIGILANCE-VUL-5796, VU#955777
DNS: denial of service using recursive servers
An attacker can poison the cache of a recursive DNS server, then use it to overload a network...
CVE-2006-0987, CVE-2006-0988, VIGILANCE-VUL-5656
DNS : déni de service lors de la décompression de messages
Certaines implémentations du protocole DNS ne gèrent pas correctement les messages compressés...
BID-13729, CERTA-2005-AVI-175, CERTA-2005-AVI-181, CISCO20050524a, Cisco CSCeh59380, Cisco CSCeh63819, Cisco CSCsa67666, Cisco CSCsa67687, CSCsa67687, CVE-2005-0036, CVE-2005-0037, CVE-2005-0038, V6-DNSDECOMPLOOPDOS, VIGILANCE-VUL-4978
Our database contains other pages. You can request a free trial to read them.

Display information about DNS protocol: