Plugins: DNS

ISC BIND 9 Multiple DoS Vulnerabilities

Knot DNS 1.5.2 Incremental Zone Transfer (IXFR) DoS

PowerDNS Recursor 3.6.0 DoS

Knot DNS < 1.4.5 TSIG Signature Spoofing

Knot DNS Server Version Detection

Unsupported Microsoft DNS Server Detection

ISC BIND 9 EDNS Processing DoS

ISC BIND 9 Recursive Server prefetch DoS

MaraDNS < 1.4.14 / 2.0.x < 2.0.09 Deadwood Out-of-Bounds DoS

MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching

MaraDNS 2.0.x < 2.0.05 Hash Collision Zone File Record Local DoS

MaraDNS < 1.3.07.11 / 1.4.x < 1.4.06 / 2.0.x < 2.0.02 compress_add_dlabel_points Function Buffer Overflow

MaraDNS < 1.3.07.14 / 1.4.x < 1.4.10 Hash Collision Form Parameter Remote DoS

MaraDNS 1.3.03 to 1.3.07.10 / 1.4.x < 1.4.03 NULL Pointer Dereference Local DoS (Linux)

MaraDNS < 1.0.41 / 1.2.x < 1.2.12.08 / 1.3.x < 1.3.07.04 CNAME Record Resource Rotation Remote DoS

MaraDNS 1.2.12.06 / 1.3.05 Wildcard Resource Record Remote DoS

MaraDNS 1.2.x < 1.2.12.06 / 1.3.x < 1.3.05 Invalid DNS Packet Fields Remote DoS

MaraDNS 1.2.x < 1.2.12.05 / 1.3.x < 1.3.03 IPv6 Memory Leak Remote DoS

MaraDNS 0.5.x < 0.5.31 / 0.9.x < 0.9.01 Compression Code Remote DoS

MaraDNS Server Version Detection

MS12-017: Vulnerability in DNS Server Could Allow Denial of Service (2647170) (uncredentialed check)

MS11-058: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) (uncredentialed check)

MS09-008: Vulnerabilities in DNS Server Could Allow Spoofing (961063) (uncredentialed check)

MS08-037: Vulnerabilities in DNS Could Allow Spoofing (951746) (uncredentialed check)

MS07-062: Vulnerability in DNS Could Allow Spoofing (941672) (uncredentialed check)

MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) (uncredentialed check)

Microsoft DNS Server Version Detection

DNS Server Version Detection

ISC BIND 9 NSEC3-Signed Zone Handling DoS

ISC BIND 9 localnets ACL Security Bypass

PowerDNS Recursor 3.3.x / 3.4.x / 3.5 RC1 Domain Name Resolving Vulnerability

ISC BIND 9 RDATA Section Handling DoS

ISC BIND 9 Recursive Resolver Malformed Zone DoS

ISC BIND 9 libdns Regular Expression Handling DoS

ISC BIND 9 DNS64 Handling DoS

ISC BIND 9 DNS RDATA Handling DoS

ISC BIND Cache Update Policy Deleted Domain Name Resolving Weakness

ISC BIND Assertion Error Resource Record RDATA Query Parsing Remote DoS

NSD query_add_optional() Function NULL Pointer Dereference Malformed DNS Packet Parsing Remote DoS

ISC BIND 9 Multiple Denial of Service Vulnerabilities

DNSSEC NSEC Records

ISC BIND 9 Zero-Length RDATA Section Denial of Service / Information Disclosure

Unbound < 1.4.14 / 1.4.13p2 DoS Vulnerabilities

PowerDNS < 2.9.22.5 / 3.0.1 Traffic Loop DoS

ISC BIND 9 Query.c Logging Resolver Denial of Service

ISC BIND 9 Unspecified Packet Processing Remote DoS

ISC BIND Response Policy Zones (RPZ) DNAME / CNAME Parsing Remote DoS

Unbound < 1.4.10 daemon/worker.c DNS Request Error Handling Remote DoS

Unbound < 1.4.4 DNSSEC Outage

ISC BIND 9 Large RRSIG RRsets Negative Caching Remote DoS

ISC BIND Response Policy Zones RRSIG Query Assertion Failure DoS

ISC BIND 9.7.1-9.7.2-P3 IXFR / DDNS Update Combined with High Query Rate DoS

ISC BIND 9 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV-R3, 9.7.x < 9.7.2-P3 Multiple Vulnerabilities

ISC BIND 9 9.7.2 < 9.7.2-P2 Multiple Vulnerabilities

ISC BIND 9 'RRSIG' Record Type Remote DoS

ISC BIND 9 DNSSEC NSEC/NSEC3 Bogus NXDOMAIN Responses

ISC BIND 9 DNSSEC Cache Poisoning

dnsmasq < 2.50 Multiple Remote TFTP Vulnerabilities

ISC BIND 9 Dynamic Update Handling Remote DoS (intrusive check)

ISC BIND Dynamic Update Message Handling Remote DoS

NSD packet.c Off-By-One Remote Overflow

NSD version Directive Remote Version Disclosure

ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness

DNS Server Spoofed Request Amplification DDoS

PowerDNS CH HINFO Query Handling DoS

DNS Server DNSSEC Aware Resolver

DNS Server Dynamic Update Record Injection

DNS Server hostname.bind Map Hostname Disclosure

Dns2TCP Service Detection

ISC BIND 9 for Windows UDP Client Handler Remote DoS

dnsmasq < 2.45 Multiple Remote DoS

PowerDNS Recursor DNS Predictable Transaction ID (TRXID) Cache Poisoning

PowerDNS Version Detection

PowerDNS Authoritative Server Malformed Query Cache Poisoning Weakness

Multiple Vendor DNS Query ID Field Prediction Cache Poisoning

DNS Sender Policy Framework (SPF) Enabled

ISC BIND < 9.4.1 / 9.5.0a4 query.c query_addsoa Function Recursive Query DoS

ISC BIND 9 Multiple Remote DoS

DNS Server UDP Query Limitation

ISC BIND Crafted ANY Request Response Multiple RRsets DoS

dnsmasq < 2.21.0 Multiple Remote Vulnerabilities

ISC BIND < 9.3.1 Validator Self Checking Remote DoS

ISC BIND < 8.4.6 q_usedns Array Remote Overflow DoS

Multiple Vendor DNS Response Flooding Denial Of Service

DNS Server Cache Snooping Remote Information Disclosure

DNS Server Fingerprinting

ISC BIND < 8.3.7 / 8.4.3 Negative Record Cache Poisoning

ISC BIND < 4.9.11 stub resolver (libresolv.a) DNS Response Overflow

SheerDNS < 1.0.1 Multiple Vulnerabilities

ISC BIND < 4.9.5 DNS Resolver Functions Remote Overflow

ISC BIND Dynamic Updates Unauthorized Resource Record Manipulation

ISC BIND < 9.2.2 DNS Resolver Functions Remote Overflow

ISC BIND named SIG Resource Server Response RR Overflow

ISC BIND < 9.2.1 rdataset Parameter Malformed DNS Packet DoS

DNS Server Detection

ISC BIND < 8.3.4 Multiple Remote Vulnerabilities

ISC BIND 9.x AUTHORS Map Remote Version Disclosure

ISC BIND < 4.9.8 / 8.2.3 Multiple Remote Overflows

DNS Server Zone Transfer Information Disclosure (AXFR)

ISC BIND < 8.2.2-P7 Compressed ZXFR Name Service Query DoS

DNS Server Recursive Query Cache Poisoning Weakness

ISC BIND < 4.9.7 / 8.1.2 Inverse-Query Remote Overflow

WindowsNT DNS Server Character Saturation DoS

ISC BIND < 4.9.7-REL / 8.2.2-P5 Multiple Remote Vulnerabilities

DNS Server BIND version Directive Remote Version Detection