| VID |
19042 |
| Severity |
40 |
| Port |
53 |
| Protocol |
UDP |
| Class |
DNS |
| Detailed Description |
ISC BIND (Berkeley Internet Name Daemon) is a server utility that implements the DNS (domain name service) protocol. It is widely used on the Internet.
According to its version number, BIND version 99.10.2 prior to 9.10.2rc2 are affected by multiple vulnerabilities :
- A flaw exists within the Domain Name Service due to an error in the code used to follow delegations. A remote attacker, with a maliciously-constructed zone or query, can cause the service to issue unlimited queries, resulting in resource exhaustion. (CVE-2014-8500)
- Multiple flaws exist with GeoIP functionality. These flaws allow a remote attacker to cause a denial of service. (CVE-2014-8680)
- A denial of service vulnerability exists due to an error relating to DNSSEC validation and the managed-keys feature. A remote attacker can trigger an incorrect trust-anchor management scenario in which no key is ready for use, resulting in an assertion failure and daemon crash. (CVE-2015-1349)
* Note: This check solely relied on the banner of the remote DNS server to assess this vulnerability, so this might be a false positive.
* References:
https://kb.isc.org/article/AA-01235/0
https://kb.isc.org/article/AA-01246/0/BIND-9.10.2rc2-Release-Notes.html
* Platforms Affected:
Internet Software Consortium, BIND version 9.10.2 < 9.10.2rc2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of BIND (9.10.2rc2 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/downloads/BIND/ |
| Related URL |
CVE-2014-8500,CVE-2014-8680,CVE-2015-1349 (CVE) |
| Related URL |
71590,72673,73191 (SecurityFocus) |
| Related URL |
(ISS) |
|
