ISC BIND Dynamic Update Message Handling Remote DoS

medium Nessus Plugin ID 40422


The remote name server may be affected by a denial of service vulnerability.


The version of BIND installed on the remote host suggests that it suffers from a denial of service vulnerability, which may be triggered by sending a malicious dynamic update message to a zone for which the server is the master, even if that server is not configured to allow dynamic updates.

Note that Nessus obtained the version by sending a special DNS request for the text 'version.bind' in the domain 'chaos', the value of which can be and sometimes is tweaked by DNS administrators.


Upgrade to BIND 9.4.3-P3 / 9.5.1-P3 / 9.6.1-P3 or later.

See Also

Plugin Details

Severity: Medium

ID: 40422

File Name: bind9_dos3.nasl

Version: 1.11

Type: remote

Family: DNS

Published: 7/29/2009

Updated: 6/27/2018

Risk Information


Risk Factor: Medium

Score: 5.1


Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:isc:bind

Required KB Items: bind/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/28/2009

Vulnerability Publication Date: 7/28/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0696

BID: 35848

CWE: 16

CERT: 725188