FreeBSD : bind9 -- Denial of Service in named(8) (ef3306fc-8f9b-11db-ab33-000e0c2e438a)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Problem Description For a recursive DNS server, a remote attacker
sending enough recursive queries for the replies to arrive after all
the interested clients have left the recursion queue will trigger an
INSIST failure in the named(8) daemon. Also for a recursive DNS
server, an assertion failure can occur when processing a query whose
reply will contain more than one SIG(covered) RRset.

For an authoritative DNS server serving a RFC 2535 DNSSEC zone which
is queried for the SIG records where there are multiple SIG(covered)
RRsets (e.g. a zone apex), named(8) will trigger an assertion failure
when it tries to construct the response. Impact An attacker who can
perform recursive lookups on a DNS server and is able to send a
sufficiently large number of recursive queries, or is able to get the
DNS server to return more than one SIG(covered) RRsets can stop the
functionality of the DNS service.

An attacker querying an authoritative DNS server serving a RFC 2535
DNSSEC zone may be able to crash the DNS server. Workaround A possible
workaround is to only allow trusted clients to perform recursive
queries.

See also :

http://www.nessus.org/u?be18f6f7

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:ND/RC:ND)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23953 (freebsd_pkg_ef3306fc8f9b11dbab33000e0c2e438a.nasl)

Bugtraq ID: 19859

CVE ID: CVE-2006-4095
CVE-2006-4096

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now