Synopsis
The remote DNS server is vulnerable to multiple attack vectors.
Description
The remote host is running BIND, an open source name server.
Versions of BIND 9.4-ESV < 9.4-ESV-R4, 9.6.2 < 9.6.2-P3, 9.6-ESV < 9.6-ESV-R3, and 9.7.x < 9.7.2-P3 are potentially affected by multiple vulnerabilities:
- Failure to clear existing RRSIG records when a NO DATA is negatively cached could cause subsequent lookups to crash named. (CVE-2010-3613)
- Named, when acting as a DNSSEC validating resolver, could incorrectly mark zone data as insecure when the zone being queried is undergoing a key algorithm rollover. (CVE-2010-3614)
- Using 'allow-query' in the 'options' or 'view' statements to restrict access to authoritative zones has no effect. (CVE-2010-3615)
Solution
Upgrade to BIND 9.4-ESV-R4, 9.6.2-P3, 9.6-ESV-R3, 9.7.2-P3, or later.