VID | 19027 |
Severity | 40 |
Port | 53 |
Protocol | UDP |
Class | DNS |
Detailed Description |
ISC BIND (Berkeley Internet Name Daemon) is a server utility that implements the DNS (domain name service) protocol. It is widely used on the Internet.
According to its self-reported version number, the remote installation of BIND does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
* Note: This check relies solely on the banner of the remote DNS server to assess this vulnerability, so the finding may be a false positive.
* References:
  http://ftp.isc.org/isc/bind9/9.6-ESV-R7-P1/CHANGES
  http://ftp.isc.org/isc/bind9/9.7.6-P1/CHANGES
  http://ftp.isc.org/isc/bind9/9.8.3-P1/CHANGES
  http://ftp.isc.org/isc/bind9/9.9.1-P1/CHANGES
  https://kb.isc.org/article/AA-00698
  https://www.isc.org/software/bind/advisories/cve-2012-1667
* Platforms Affected: Internet Software Consortium, BIND before 9.6-ESV-R7-P1 / 9.7.6-P1 / 9.8.3-P1 / 9.9.1-P1; any operating system, any version |
Recommendation |
Upgrade to the latest version of BIND (9.6-ESV-R7-P1 / 9.7.6-P1 / 9.8.3-P1 / 9.9.1-P1 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/software/bind |
Related URL | CVE-2012-1667 (CVE) |
Related URL | 53772 (SecurityFocus) |
Related URL | (ISS) |