SynopsisThe remote name server is affected by multiple denial of service vulnerabilities.
DescriptionAccording to its self-reported version number, the installation of ISC BIND running on the remote name server is potentially affected by the following vulnerabilities :
- A denial of service vulnerability exists due to an assertion flaw that is triggered when parsing malformed DNSSEC keys. An unauthenticated, remote attacker can exploit this, via a specially crafted query to a zone containing such a key, to cause a validating resolver to exit. (CVE-2015-5722)
- A denial of service vulnerability exists in the fromwire_openpgpkey() function in openpgpkey_61.c that is triggered when the length of data is less than 1. An unauthenticated, remote attacker can exploit this, via a specially crafted response to a query, to cause an assertion failure that terminates named. (CVE-2015-5986)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to BIND version 9.9.7-P3 / 9.10.2-P4 or later.