FreeBSD : dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone (72f35727-ce83-11e2-be04-005056a37f68)

high Nessus Plugin ID 66837

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

ISC reports :

A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal 'RUNTIME_CHECK' error in resolver.c.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?8302dd2d

Plugin Details

Severity: High

ID: 66837

File Name: freebsd_pkg_72f35727ce8311e2be04005056a37f68.nasl

Version: 1.10

Type: local

Published: 6/7/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bind96, p-cpe:/a:freebsd:freebsd:bind96-base, p-cpe:/a:freebsd:freebsd:bind98, p-cpe:/a:freebsd:freebsd:bind98-base, p-cpe:/a:freebsd:freebsd:bind99, p-cpe:/a:freebsd:freebsd:bind99-base, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/6/2013

Vulnerability Publication Date: 6/4/2013

Reference Information

CVE: CVE-2013-3919