This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote name server is affected by a denial of service
According to its self-reported version number, the installation of
ISC BIND running on the remote name server is 9.x prior to 9.9.9-P2,
9.10.x prior to 9.10.4-P2, or 9.11.0a3 prior to 9.11.0b2. It is,
therefore, affected by an error in the lightweight resolver (lwres)
protocol implementation when resolving a query name that, when
combined with a search list entry, exceeds the maximum allowable
length. An unauthenticated, remote attacker can exploit this to cause
a segmentation fault, resulting in a denial of service condition. This
issue occurs when lwresd or the the named 'lwres' option is enabled.
See also :
Upgrade to ISC BIND version 9.9.8-P3 / 9.9.8-S4 / 9.10.3-P3 or later.
Note that BIND 9 version 9.9.9-S3 is available exclusively for
eligible ISC Support customers.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true