ISC BIND 9.x < 9.9.8-P4 / 9.9.8-S6 / 9.9.9-S3 / 9.10.3-P4 Multiple DoS
Severity: High
Nessus Network Monitor Plugin ID 9872
Synopsis
The remote DNS server may be affected by multiple Denial of Service (DoS) attack vectors.
Description
Versions of ISC BIND 9.x prior to 9.9.8-P4, 9.9.8-S6, 9.9.9-S3 and 9.10.3-P4 are unpatched for the following vulnerabilities:
- A flaw exists in 'sexpr.c' and 'alist.c' that is triggered when handling specially crafted control channel packets, as controlled by the 'rndc' server control utility. This may allow a remote attacker to cause a server to stop responding. (OSVDB 135663)
- A flaw exists in 'resolver.c' and 'db.c' that is triggered when handling specially crafted DNAME resource record signatures. This may allow a remote attacker to cause a denial of service. (OSVDB 135664)
Solution
Upgrade ISC BIND to version 9.10.3-P4 or later. If version 9.10.x cannot be obtained, versions 9.9.9-S3, 9.9.8-S6 and 9.9.8-P4 are also patched for these vulnerabilities.