buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

The remote NewStart CGSL host, running version MAIN 6.02, has bind packages installed that are affected by multiple vulnerabilities:

  - ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when     answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for     remote attackers to guess the next query id and perform DNS cache poisoning. (CVE-2007-2926)

  - Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions,     which allows local users to perform unauthorized named commands, such as causing a denial of service by     stopping named. (CVE-2007-6283)

  - Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in     FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service     (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
    (CVE-2008-0122)

  - The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)     Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations     allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to     conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction     IDs and source ports, aka DNS Insufficient Socket Entropy Vulnerability or the Kaminsky bug.
    (CVE-2008-1447)

  - BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL     DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a     malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. (CVE-2009-0025)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Versions of ISC BIND 9.10.x prior to 9.10.3-P3 are unpatched for a flaw in 'lib/dns/message.c' that is triggered when converting OPT pseudo-RR data or ECS options to text.  This may allow a remote attacker to crash the named service.

The remote host is affected by the vulnerability described in GLSA-201610-07 (BIND: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in BIND. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could cause a Denial of Service condition through       multiple attack vectors.
  Workaround :

    There is no known workaround at this time.

Update to the latest upstream version due to security fixes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

According to its self-reported version number, the installation of ISC BIND running on the remote name server is affected by multiple denial of service vulnerabilities :

  - A denial of service vulnerability exists due to improper     handling of certain string formatting options. An     authenticated, remote attacker can exploit this, via a     malformed Address Prefix List (APL) record, to cause an     INSIST assertion failure and daemon exit.
    (CVE-2015-8704)

  - A denial of service vulnerability exists due to a     failure to properly convert OPT records and ECS options     to formatted text. A remote attacker can exploit this     to cause a REQUIRE assertion failure and daemon exit.
    Note that this issue only affects BIND 9.10.x.
    (CVE-2015-8705)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ISC reports :

Problems converting OPT resource records and ECS options to text format can cause BIND to terminate

ID	Name	Product	Family	Severity
206846	NewStart CGSL MAIN 6.02 : bind Multiple Vulnerabilities (NS-SA-2024-0060)	Nessus	NewStart CGSL Local Security Checks	high
9870	ISC BIND 9.10.x < 9.10.3-P3 DoS	Nessus Network Monitor	DNS Servers	medium
93994	GLSA-201610-07 : BIND: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
89639	Fedora 23 : bind-9.10.3-10.P3.fc23 (2016-f3517b9c4c)	Nessus	Fedora Local Security Checks	high
89486	Fedora 22 : bind-9.10.3-8.P3.fc22 (2016-1ab53bf440)	Nessus	Fedora Local Security Checks	high
88909	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2016-054-01)	Nessus	Slackware Local Security Checks	high
88385	ISC BIND 9.3.0 < 9.9.8-P3 / 9.9.x-Sx < 9.9.8-S4 / 9.10.x < 9.10.3-P3 Multiple DoS	Nessus	DNS	high
88027	FreeBSD : bind -- denial of service vulnerability (314830d8-bf91-11e5-96d6-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2015-8705

high

Tenable Plugins

high

medium

high

high

high

high

high

high