ISC BIND < 8.3.4 Multiple Remote Vulnerabilities

high Nessus Plugin ID 10886

Synopsis

It is possible to use the remote name server to break into the remote host.

Description

The remote name server, according to its version number, is affected by the following vulnerabilities :

- When running the recursive DNS functionality, this server is vulnerable to a buffer overflow attack that may let an attacker execute arbitrary code on the remote host.

- It is vulnerable to a denial of service attack (crash) via SIG RR elements with invalid expiry times.

- It is vulnerable to a denial of service attack when a DNS lookup is requested on a nonexistent sub-domain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail.

Solution

Upgrade to BIND 8.3.4 or newer

Plugin Details

Severity: High

ID: 10886

File Name: bind_dnsstorm.nasl

Version: 1.33

Type: remote

Family: DNS

Published: 3/8/2002

Updated: 9/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:isc:bind

Required KB Items: bind/version

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/12/2002

Reference Information

CVE: CVE-2002-1219, CVE-2002-1220, CVE-2002-1221

BID: 6159, 6160, 6161

IAVA: 2023-A-0320-S

SuSE: SUSE-SA:2002:044

Detections

Analytics