AIX bind Advisory : bind_advisory12.asc (IV84456) (IV84457) (IV84458) (IV84459) (IV84947) (IV84984) (IV85296) (IV85297) (IV85298)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote AIX host has a version of bind installed that is affected
by multiple denial of service vulnerabilities.

Description :

The version of bind installed on the remote AIX host is affected by
the following vulnerabilities :

- A denial of service vulnerability exists in files
sexpr.c and alist.c when handling control channel
packets. An unauthenticated, remote attacker can
exploit this, via crafted packets sent to the control
channel (rndc) interface, to cause an assertion failure
and daemon exit. (CVE-2016-1285)

- A denial of service vulnerability exists in files
resolver.c and db.c when handling DNAME resource
signatures. An unauthenticated, remote attacker can
exploit this, via a crafted query that generates a
response containing a signature record, to cause an
assertion failure and daemon exit. (CVE-2016-1286)

See also :

http://aix.software.ibm.com/aix/efixes/security/bind_advisory12.asc

Solution :

A fix is available and can be downloaded from the IBM AIX website.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: AIX Local Security Checks

Nessus Plugin ID: 102124

CVE ID: CVE-2016-1285
CVE-2016-1286
