icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ISC BIND Dynamic Update Message Handling Remote DoS

High

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack

Description

The version of BIND installed on the remote host suggests that it suffers from a denial of service vulnerability, which may be triggered by sending a malicious dynamic update message to a zone for which the server is the master, even if that server is not configured to allow dynamic updates. Note that PVS obtained the version by observing the response to a 'version.bind', the value of which can be and sometimes is tweaked by DNS administrators.

Solution

Upgrade to BIND 9.4.3-P3 / 9.5.1-P3 / 9.6.1-P3 or later