ISC BIND 9.4-ESV < 9.4-ESV-R4 / 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV-R3 / 9.7.x < 9.7.2-P3 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 5718
Synopsis
The remote DNS server is vulnerable to multiple attack vectors.Description
The remote host is running BIND, and open source name server.Versions of BIND 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV < R3, and 9.7.x < 9.7.2-P3 are potentially affected by multiple vulnerabilities :
- Failure to clear existing RRSIG records when a NO DATA is negatively cached could cause subsequent lookups to crash named. (CVE-2010-3613)
- Named, when acting as a DNSSEC validating resolver, could incorrectly mark zone data as insecure when the zone being queried is undergoing a key algorithm rollover. (CVE-2010-3614)
- Using 'allow-query' in the 'options' or 'view' statements to restrict access to authorize zones has no effect. (CVE-2010-3615)
Solution
Upgrade to BIND 9.4-ESV-R4, 9.6.2-P3, 9.6-ESV-R3, 9.7.2-P3, or later.See Also
http://ftp://ftp.isc.org/isc/bind9/9.4-ESV-R4/RELEASE-NOTES-BIND-9.4-ESV-R4.html
http://ftp://ftp.isc.org/isc/bind9/9.6.2-P3/RELEASE-NOTES-BIND-9.6.2-P3.html
http://ftp://ftp.isc.org/isc/bind9/9.6-ESV-R3/RELEASE-NOTES-BIND-9.6-ESV-R3.html
http://ftp://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
https://www.isc.org/software/bind/advisories/cve-2010-3613
Plugin Details
Severity: High
ID: 5718
Family: DNS Servers
Published: 12/1/2010
Updated: 3/6/2019
Nessus ID: 50976
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.4
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Temporal Vector: E:F/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:isc:bind
Patch Publication Date: 12/1/2010
Vulnerability Publication Date: 12/1/2010
Reference Information
CVE: CVE-2010-3613, CVE-2010-3614, CVE-2010-3615
IAVA: 2011-A-0066