FreeBSD : bind9 -- Denial of Service in named(8) (ef3306fc-8f9b-11db-ab33-000e0c2e438a)

Medium Nessus Plugin ID 23953


The remote FreeBSD host is missing a security-related update.


Problem Description For a recursive DNS server, a remote attacker sending enough recursive queries for the replies to arrive after all the interested clients have left the recursion queue will trigger an INSIST failure in the named(8) daemon. Also for a recursive DNS server, an assertion failure can occur when processing a query whose reply will contain more than one SIG(covered) RRset.

For an authoritative DNS server serving a RFC 2535 DNSSEC zone which is queried for the SIG records where there are multiple SIG(covered) RRsets (e.g. a zone apex), named(8) will trigger an assertion failure when it tries to construct the response. Impact An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service.

An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server. Workaround A possible workaround is to only allow trusted clients to perform recursive queries.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 23953

File Name: freebsd_pkg_ef3306fc8f9b11dbab33000e0c2e438a.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2006/12/30

Modified: 2016/08/10

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:ND/RC:ND

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bind9, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2006/12/19

Vulnerability Publication Date: 2006/09/06

Reference Information

CVE: CVE-2006-4095, CVE-2006-4096

BID: 19859

OSVDB: 28557, 28558

FreeBSD: SA-06:20.bind