| VID |
19075 |
| Severity |
30 |
| Port |
53 |
| Protocol |
UDP |
| Class |
DNS |
| Detailed Description |
According to its self-reported version number, the remote installation of BIND can be forced to crash via maliciously crafted DNS requests.
Note that this vulnerability only affects installs using the 'dns64' configuration option.
Further note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected.
* References:
https://kb.isc.org/article/AA-00855
http://ftp.isc.org/isc/bind9/9.9.3/CHANGES
* Platforms Affected:
Internet Software Consortium, BIND version 9.9.x < 9.9.3
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of BIND (9.9.3 or later), available from the Internet Software Consortium (ISC) Web site at http://www.isc.org/downloads/BIND/ |
| Related URL |
CVE-2012-5689 (CVE) |
| Related URL |
57556 (SecurityFocus) |
| Related URL |
(ISS) |
|
