U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:isc:bind:9.5.0:rc1:*:*:-:*:*:*
  • CPE Name Search: true
There are 45 matching records.
Displaying matches 41 through 45.
Vuln ID Summary CVSS Severity
CVE-2009-0025

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Published: January 07, 2009; 12:30:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-2925

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

Published: July 24, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-2926

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Published: July 24, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-2241

Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.

Published: May 02, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-0493

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

Published: January 25, 2007; 3:28:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH