| VID |
19029 |
| Severity |
30 |
| Port |
53 |
| Protocol |
UDP |
| Class |
DNS |
| Detailed Description |
ISC BIND (Berkeley Internet Name Daemon) is a server utility that implements the DNS (domain name service) protocol. It is widely used on the Internet. The BIND daemon, according to its version number, will exit with an assertion failure if a resource record with RDATA in excess of 65535 bytes is loaded and then subsequently queried.
* Note: This check solely relied on the banner of the remote DNS server to assess this vulnerability, so this might be a false positive.
* References:
https://kb.isc.org/article/AA-00778/74
http://ftp.isc.org/isc/bind9/9.6-ESV-R7-P3/CHANGES
http://ftp.isc.org/isc/bind9/9.7.6-P3/CHANGES
http://ftp.isc.org/isc/bind9/9.8.3-P3/CHANGES
http://ftp.isc.org/isc/bind9/9.9.1-P3/CHANGES
* Platforms Affected:
Internet Software Consortium, BIND version 9.6 < 9.6-ESV-R7-P3 or 9.6-ESV-R8
Internet Software Consortium, BIND version 9.7 < 9.7.6-P3 or 9.7.7
Internet Software Consortium, BIND version 9.8 < 9.8.3-P3 or 9.8.4
Internet Software Consortium, BIND version 9.9 < 9.9.1-P3 or 9.9.2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of BIND (9.6-ESV-R7-P3 / 9.6-ESV-R8 / 9.7.6-P3 / 9.7.7 / 9.8.3-P3 / 9.8.4 / 9.9.1-P3 / 9.9.2 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/products/BIND/ |
| Related URL |
CVE-2012-4244 (CVE) |
| Related URL |
55522 (SecurityFocus) |
| Related URL |
(ISS) |
|
