ISC BIND 9.9.8-Sx < 9.9.8-S5 REQUIRE Assertion DoS
Medium Nessus Plugin ID 88716
Synopsis
The remote name server is affected by a denial of service vulnerability.
Description
According to its self-reported version number, the version of BIND 9 Supported Preview Edition running on the remote host is version 9.9.8-Sx prior to 9.9.8-S5. It is, therefore, affected by a denial of service vulnerability due to a flaw in file rdataset.c related to handling flag values in incoming queries when the 'nxdomain-redirect' option is enabled. An unauthenticated, remote attacker can exploit this, via a crafted query with the right combination of attributes, to cause a REQUIRE assertion failure, resulting in termination of the service.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Note that 9.9.8-S4 and 9.9.8-S5 are preview versions of BIND provided exclusively to ISC Support customers.
Solution
Upgrade to BIND version 9.9.8-S5 or later. Alternatively, contact the vendor regarding a patch for BIND version 9.9.8-S4.
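
Because the plugin relies only on the self-reported version, a triage step can also check whether 'nxdomain-redirect' is actually configured. The following is an added example, not the Nessus plugin's code; the function names and the sample configuration are constructed for illustration, and it assumes the version string and named.conf text have already been collected from the host.

```python
import re

FIXED_S = 5  # first fixed preview release named in the advisory: 9.9.8-S5

def is_affected_version(version: str) -> bool:
    """True for 9.9.8-Sx with x < 5, the range the advisory names."""
    m = re.search(r"(?<![\d.])9\.9\.8-S(\d+)\b", version)
    return bool(m) and int(m.group(1)) < FIXED_S

def strip_comments(conf: str) -> str:
    """Drop /* */, // and # comments, leaving quoted strings untouched."""
    pat = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pat.sub(lambda m: m.group(0) if m.group(0).startswith('"') else " ", conf)

def redirect_enabled(conf: str) -> bool:
    """True if an nxdomain-redirect statement remains after comment removal."""
    stmt = r"(?<![\w-])nxdomain-redirect\s+[^\s;]+\s*;"
    return re.search(stmt, strip_comments(conf)) is not None

def assess(version: str, conf: str) -> str:
    """Combine the version range with the configuration precondition."""
    if not is_affected_version(version):
        return "outside affected range"
    if redirect_enabled(conf):
        return "affected: nxdomain-redirect enabled, upgrade now"
    return "affected version: nxdomain-redirect not set, still upgrade"

# Constructed sample named.conf fragments (not taken from any real host).
CONF_ENABLED = """
options {
    directory "/var/named";
    // nxdomain-redirect old.example.;
    nxdomain-redirect redirect.example.;
};
"""
CONF_COMMENTED = """
options {
    /* nxdomain-redirect redirect.example.; */
    # nxdomain-redirect other.example.;
    recursion yes;
};
"""

if __name__ == "__main__":
    for ver, conf in [("9.9.8-S4", CONF_ENABLED), ("9.9.8-S4", CONF_COMMENTED),
                      ("9.9.8-S5", CONF_ENABLED)]:
        print(ver, "->", assess(ver, conf))
```

A host in the affected version range is still reported when the option is absent, since the setting can be enabled later without a version change.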