| VID |
19044 |
| Severity |
40 |
| Port |
53 |
| Protocol |
UDP |
| Class |
DNS |
| Detailed Description |
ISC BIND (Berkeley Internet Name Daemon) is a server utility that implements the DNS (domain name service) protocol. It is widely used on the Internet. According to its version number, the remote installation of BIND is potentially affected by a denial of service vulnerability, when configured as a recursive resolver with DNSSEC validation, due to an error that occurs during the validation of specially crafted zone data returned in an answer to a recursive query. A remote attacker can exploit this, by causing a query to be performed against a maliciously constructed zone, to crash the resolver.
* Note: This check solely relied on the banner of the remote DNS server to assess this vulnerability, so this might be a false positive.
* References:
https://kb.isc.org/article/AA-01267
https://kb.isc.org/article/AA-01270
https://kb.isc.org/article/AA-01269
* Platforms Affected:
Internet Software Consortium, BIND version 9.x < 9.9.7-P1
Internet Software Consortium, BIND version 9.10.x < 9.10.2-P2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of BIND (9.9.7-P1 / 9.10.2-P2 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/downloads/BIND/ |
| Related URL |
CVE-2015-4620 (CVE) |
| Related URL |
75588 (SecurityFocus) |
| Related URL |
(ISS) |
|
