ISC BIND 9.9.7.x < 9.9.7rc2 Multiple Vulnerabilities
High Nessus Plugin ID 81490
Synopsis
The remote name server is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the remote installation of BIND is potentially affected by multiple vulnerabilities:
- A flaw exists within the Domain Name Service due to an error in the code used to follow delegations. A remote attacker, with a maliciously constructed zone or query, can cause the service to issue unlimited queries, resulting in resource exhaustion. (CVE-2014-8500)
- A denial of service vulnerability exists due to an error relating to DNSSEC validation and the managed-keys feature. A remote attacker can trigger an incorrect trust-anchor management scenario in which no key is ready for use, resulting in an assertion failure and daemon crash. (CVE-2015-1349)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to BIND version 9.9.7rc2 or later.