SynopsisThe remote name server is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version, the instance of ISC BIND 9 running on the remote name server is between 9.9.0 and 9.10.8-P1, 9.11.0 and 9.11.5-P2, 9.12.0 and 9.12.3-P2, 9.9.3-S1 and 9.11.5-S3, & 9.13.0 and 9.13.6. It is, therefore, affected by a zone transfer vulnerability.
- A zone transfer vulnerability exists for writable DLZ zones. An unauthenticated, remote attacker can exploit this, via allowzonexfr method bypass, to bypass transfer controls. (CVE-2019-6465)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to ISC BIND version 9.11.5-P4 / 9.11.5-P4 / 9.12.3-P4 / 9.13.7 or later.