| VID |
19058 |
| Severity |
30 |
| Port |
79 |
| Protocol |
TCP,UDP |
| Class |
DNS |
| Detailed Description |
ISC BIND (Berkeley Internet Name Daemon) is a server utility that implements the DNS (domain name service) protocol. It is widely used on the Internet. According to its version number, BIND version 9.11.0x prior to 9.11.0b2 are affected by an error in the lightweight resolver (lwres) protocol implementation when resolving a query name that, when combined with a search list entry, exceeds the maximum allowable length. An unauthenticated, remote attacker can exploit this to cause a segmentation fault, resulting in a denial of service condition. This issue occurs when lwresd or the the named 'lwres' option is enabled.
* Note: This check solely relied on the banner of the remote DNS server to assess this vulnerability, so this might be a false positive.
* References:
https://kb.isc.org/article/AA-01393
* Platforms Affected:
Internet Software Consortium, BIND version 9.11.0x < 9.11.0b2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of BIND (9.11.0b2 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/downloads/BIND/ |
| Related URL |
CVE-2016-2775 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
