ISC BIND Dynamic Updates Unauthorized Resource Record Manipulation

medium Nessus Plugin ID 11320

Synopsis

The remote name server is misconfigured.

Description

The remote nameserver has dynamic updates enabled.

The dynamic updates let the BIND administrator update the name service information dynamically.

However, it is possible to trick BIND into changing the resource record for the zone it serves. An attacker may use this flaw to hijack the traffic going to the servers and redirect it to an arbitrary site.

Solution

If BIND is being used, add the option

allow-update {none;};
in the named.conf configuration file to disable this feature entirely.

Plugin Details

Severity: Medium

ID: 11320

File Name: bind_allows_updates.nasl

Version: Revision: 1.16

Type: remote

Family: DNS

Published: 3/4/2003

Updated: 1/25/2013

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:isc:bind

Required KB Items: DNS/udp/53