Denial of Service : ISC BIND AXFR Response Denial of Service Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106118

Kategorie: Denial of Service

Titel: ISC BIND AXFR Response Denial of Service Vulnerability

Zusammenfassung: ISC BIND is prone to a denial of service vulnerability.

Beschreibung: Summary:
ISC BIND is prone to a denial of service vulnerability.

Vulnerability Insight:
Primary DNS servers may cause a denial of service (secondary DNS server
crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client
crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary
DNS server crash) via a large UPDATE message.

Vulnerability Impact:
An authenticated remote attacker may cause a denial of service
condition.

Affected Software/OS:
Version <= 9.10.4-P1.

Solution:
As a workaround operators of servers which
accept untrusted zone data can mitigate their risk by operating an intermediary
server whose role it is to receive zone data and then (if successful)
re-distribute it to client-facing servers. Successful exploitation of the
attack against the intermediary server may still occur but denial of service
against the client-facing servers is significantly more difficult to achieve
in this scenario.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-6170
BugTraq ID: 91611
http://www.securityfocus.com/bid/91611
https://security.gentoo.org/glsa/201610-07
https://github.com/sischkg/xfer-limit/blob/master/README.md
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html
http://www.openwall.com/lists/oss-security/2016/07/06/3
http://www.securitytracker.com/id/1036241

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106118
Kategorie:	Denial of Service
Titel:	ISC BIND AXFR Response Denial of Service Vulnerability
Zusammenfassung:	ISC BIND is prone to a denial of service vulnerability.
Beschreibung:	Summary: ISC BIND is prone to a denial of service vulnerability. Vulnerability Insight: Primary DNS servers may cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. Vulnerability Impact: An authenticated remote attacker may cause a denial of service condition. Affected Software/OS: Version <= 9.10.4-P1. Solution: As a workaround operators of servers which accept untrusted zone data can mitigate their risk by operating an intermediary server whose role it is to receive zone data and then (if successful) re-distribute it to client-facing servers. Successful exploitation of the attack against the intermediary server may still occur but denial of service against the client-facing servers is significantly more difficult to achieve in this scenario. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6170 BugTraq ID: 91611 http://www.securityfocus.com/bid/91611 https://security.gentoo.org/glsa/201610-07 https://github.com/sischkg/xfer-limit/blob/master/README.md https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html http://www.openwall.com/lists/oss-security/2016/07/06/3 http://www.securitytracker.com/id/1036241
Copyright	Copyright (C) 2016 Greenbone Networks GmbH