Detections
Analytics
ISC BIND 9.x < 9.9.7-P3 / 9.9.8 / 9.9.8-S1 / 9.9.8rc1 / 9.9.9-S3 / 9.10.2-P4 / 9.10.3 / 9.10.3rc1 Multiple DoS
high Nessus Network Monitor Plugin ID 9866
Synopsis
The remote DNS server may be affected by multiple Denial of Service (DoS) attack vectors.Description
Versions of ISC BIND 9.x prior to 9.9.7-P3, 9.9.9-S3, 9.10.2-P4, and 9.10.3 are unpatched for the following vulnerabilities :- An assertion flaw exists that is triggered when parsing malformed DNSSEC keys. With a specially crafted query to a zone containing such a key, a remote attacker can cause a validating resolver to exit.
- A flaw exists in the 'fromwire_openpgpkey()' function in 'openpgpkey_61.c' that is triggered when the length of the data is less than 1. With a specially crafted response to a query, a remote attacker can cause an assertion failure that terminates named.
Solution
Upgrade ISC BIND to version 9.10.3 or later. If version 9.10.x cannot be obtained, versions 9.10.3-rc1, 9.10.2-P4, 9.9.9-S3, 9.9.8rc1, 9.9.8-S1, 9.9.8 and 9.9.7-P3 are also patched for these vulnerabilities.See Also
https://kb.isc.org/article/AA-01287
https://kb.isc.org/article/AA-01291
https://kb.isc.org/article/AA-01303
https://kb.isc.org/article/AA-01305
https://kb.isc.org/article/AA-01306
https://kb.isc.org/article/AA-01307
https://kb.isc.org/article/AA-01345/81/BIND-9.9.8-S4-Release-Notes.html
Plugin Details
Severity: High
ID: 9866
Family: DNS Servers
Published: 1/19/2017
Updated: 3/6/2019
Nessus ID: 85896
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:isc:bind
Patch Publication Date: 9/2/2015
Vulnerability Publication Date: 8/7/2015
Reference Information
CVE: CVE-2015-5722, CVE-2015-5986