58946

68193

1030414

https://kb.isc.org/article/AA-01166/

https://kb.isc.org/article/AA-01171/

Versions of ISC BIND earlier than 9.10.1-P1 are unpatched for the following vulnerabilities:

  - Denial of service vulnerability that can be triggered when handling a maliciously constructed query or zone request, causing the service to issue unlimited queries in an attempt to follow a delegation (CVE-2014-8500)

  - Denial of service vulnerability in the pre-fetch feature that is triggered when the response to a specially crafted DNS query contains particular attributes. (CVE-2014-3214)

  - Denial of service vulnerability in EDNS option processing  (CVE-2014-3859)

  - Denial of service in three unspecified flaws in the GeoIP feature (CVE-2014-8680)

According to its self-reported version number, the remote installation of BIND is affected by a denial of service vulnerability. The issue exists due to an error in 'libdns' that fails to properly handle Extension Mechanisms for DNS (EDNS) options.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of ISC BIND detected on this server is affected by an error resulting from improper handling of EDNS options. This can be leveraged by an attacker to trigger an assertion failure that causes the named daemon to terminate, resulting in denial of service.

ID	Name	Product	Family	Severity
8569	ISC BIND 9.10.x < 9.10.1-P1 Multiple DoS	Nessus Network Monitor	DNS Servers	high
74495	ISC BIND 9 EDNS Processing DoS	Nessus	DNS	medium
8313	ISC BIND 9.10.0 / 9.10.0-P1 named Assertion Failure DoS	Nessus Network Monitor	DNS Servers	high

CVE-2014-3859

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins