ISC BIND Query Response Missing RRSIG Denial of Service
TSL ID: TSL20170112-14
CVE ID(s): CVE-2016-9444
Severity: Critical
Description

A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure while processing a crafted query response that contains certain record types without an accompanying RRSIG record.

A remote, unauthenticated attacker could exploit this vulnerability by delivering a specially crafted response to the vulnerable server. Successful exploitation could lead to a denial-of-service condition.

The vendor, ISC, has released an advisory addressing this issue:

https://kb.isc.org/article/AA-01441/

Affected Products
  • ISC BIND 9.10.0 to 9.10.4-P4
  • ISC BIND 9.11.0 to 9.11.0-P1
  • ISC BIND 9.4.0 to 9.6-ESV-R11-W1
  • ISC BIND 9.8.5 to 9.8.8
  • ISC BIND 9.9.3 to 9.9.9-P4
  • ISC BIND 9.9.9-S1 to 9.9.9-S6
CVSS Score
Base 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 5.3 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
  • https://kb.isc.org/article/AA-01441/