ISC BIND Dynamic Update Message Handling Remote DoS (deprecated)

high Nessus Network Monitor Plugin ID 5107

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack

Description

The version of BIND installed on the remote host suggests that it suffers from a denial of service vulnerability, which may be triggered by sending a malicious dynamic update message to a zone for which the server is the master, even if that server is not configured to allow dynamic updates. Note that NNM obtained the version by observing the response to a 'version.bind', the value of which can be and sometimes is tweaked by DNS administrators.

Solution

Upgrade to BIND 9.4.3-P3 / 9.5.1-P3 / 9.6.1-P3 or later

See Also

https://www.isc.org/node/474

http://www.kb.cert.org/vuls/id/725188

Plugin Details

Severity: High

ID: 5107

Family: DNS Servers

Published: 7/29/2009

Updated: 3/6/2019

Nessus ID: 40422

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:isc:bind

Patch Publication Date: 7/28/2009

Vulnerability Publication Date: 7/28/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0696

BID: 35848