ISC BIND 9.9.x < 9.9.9-P3 / 9.10.x < 9.10.4-P3 / 9.11.x < 9.11.0rc3 buffer.c Query Response DoS
Severity: High
Nessus Plugin ID: 93865
Synopsis
The remote name server is affected by a denial of service vulnerability.
Description
According to its self-reported version number, the version of ISC BIND running on the remote name server is 9.9.x prior to 9.9.9-P3, 9.10.x prior to 9.10.4-P3, or 9.11.x prior to 9.11.0rc3. It is, therefore, affected by a denial of service vulnerability within file buffer.c due to improper construction of responses to crafted requests. An unauthenticated, remote attacker can exploit this, via a specially crafted query, to cause an assertion failure, resulting in a daemon exit.
Solution
Upgrade to ISC BIND version 9.9.9-P3 / 9.9.9-S5 / 9.10.4-P3 / 9.11.0rc3 or later. Note that BIND 9 version 9.9.9-S5 is available exclusively for eligible ISC Support customers.
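The version ranges above can be checked against an inventory of self-reported BIND versions. The following is an added example, not the Nessus plugin's own code; the function name `is_affected` and the sample version strings are constructed, and treating `-S` builds as a separate track compared only against 9.9.9-S5 is an assumption.

```python
import re

# Pre-release and patch tags in release order: a < b < rc < final < -P.
STAGE = {"a": 0, "b": 1, "rc": 2, "": 3, "-P": 4}

# First fixed release per branch, from the Solution text,
# encoded as (patch, stage, number).
FIXED = {
    (9, 9): (9, STAGE["-P"], 3),    # 9.9.9-P3
    (9, 10): (4, STAGE["-P"], 3),   # 9.10.4-P3
    (9, 11): (0, STAGE["rc"], 3),   # 9.11.0rc3
}
# Assumption: -S builds are compared only against the -S fix, as (patch, number).
FIXED_S = {(9, 9): (9, 5)}          # 9.9.9-S5

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc|-P|-S)(\d+))?$")


def is_affected(version):
    """Return True/False for a branch the advisory covers, None otherwise.

    None also covers strings with vendor suffixes: distributions may backport
    fixes without changing the upstream number, so those need a package-level
    check instead of a version comparison.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3))
    tag, num = m.group(4) or "", int(m.group(5) or 0)
    if tag == "-S":
        if branch not in FIXED_S:
            return None
        return (patch, num) < FIXED_S[branch]
    if branch not in FIXED:
        return None
    return (patch, STAGE[tag], num) < FIXED[branch]


if __name__ == "__main__":
    # Constructed sample inventory of self-reported versions.
    for v in ["9.9.9-P2", "9.10.4-P3", "9.11.0rc1", "9.9.9-S4", "9.8.1"]:
        print(v, is_affected(v))
```

A `None` result means the string is outside the branches named in the advisory or could not be parsed, so it should be reviewed by hand.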