ISC BIND Dynamic Update Message Handling Remote DoS (deprecated)

High Nessus Network Monitor Plugin ID 5107

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack

Description

The version of BIND installed on the remote host suggests that it suffers from a denial of service vulnerability, which may be triggered by sending a malicious dynamic update message to a zone for which the server is the master, even if that server is not configured to allow dynamic updates. Note that PVS obtained the version by observing the response to a 'version.bind', the value of which can be and sometimes is tweaked by DNS administrators.

Solution

Upgrade to BIND 9.4.3-P3 / 9.5.1-P3 / 9.6.1-P3 or later

See Also

https://www.isc.org/node/474

http://www.kb.cert.org/vuls/id/725188

Plugin Details

Severity: High

ID: 5107

File Name: 5107.prm

Family: DNS Servers

Published: 2009/07/29

Modified: 2016/05/13

Dependencies: 9234

Nessus ID: 40422

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:isc:bind

Patch Publication Date: 2009/07/28

Vulnerability Publication Date: 2009/07/28

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0696

BID: 35848

OSVDB: 56584