CVE-2006-0987 - Unspecified vulnerability in ISC BIND 9.3.2
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
Metasploit
description | This module can be used to discover DNS servers which expose recursive name lookups which can be used in an amplification attack against a third party. |
id | MSF:AUXILIARY/SCANNER/DNS/DNS_AMP |
last seen | 2019-12-19 |
modified | 2017-08-27 |
published | 2014-01-29 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/dns/dns_amp.rb |
title | DNS Amplification Scanner |
Nessus
NASL family | AIX Local Security Checks |
NASL id | AIX_IV62224.NASL |
description | The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77254 |
published | 2014-08-20 |
reporter | This script is Copyright (C) 2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/77254 |
title | AIX 6.1 TL 7 : bind9 (IV62224) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind9_advisory6.asc.
#

include("compat.inc");

if (description)
{
  script_id(77254);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/08/20 15:13:32 $");

  script_cve_id("CVE-2006-0987");

  script_name(english:"AIX 6.1 TL 7 : bind9 (IV62224)");
  script_summary(english:"Check for APAR IV62224");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value: "The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification via DNS queries with spoofed source IP addresses. Please see following for more information : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory6.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"6.1", ml:"07", sp:"09", patch:"IV62224m9a", package:"bos.net.tcp.server", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.20") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family | AIX Local Security Checks |
NASL id | AIX_IV62146.NASL |
description | The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77253 |
published | 2014-08-20 |
reporter | This script is Copyright (C) 2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/77253 |
title | AIX 6.1 TL 8 : bind9 (IV62146) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind9_advisory6.asc.
#

include("compat.inc");

if (description)
{
  script_id(77253);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/08/20 15:13:32 $");

  script_cve_id("CVE-2006-0987");

  script_name(english:"AIX 6.1 TL 8 : bind9 (IV62146)");
  script_summary(english:"Check for APAR IV62146");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value: "The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification via DNS queries with spoofed source IP addresses. Please see following for more information : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory6.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"6.1", ml:"08", sp:"04", patch:"IV62146m4a", package:"bos.net.tcp.server", minfilesetver:"6.1.8.0", maxfilesetver:"6.1.8.17") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family | AIX Local Security Checks |
NASL id | AIX_IV61090.NASL |
description | The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77251 |
published | 2014-08-20 |
reporter | This script is Copyright (C) 2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/77251 |
title | AIX 7.1 TL 2 : bind9 (IV61090) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind9_advisory6.asc.
#

include("compat.inc");

if (description)
{
  script_id(77251);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/08/20 15:13:32 $");

  script_cve_id("CVE-2006-0987");

  script_name(english:"AIX 7.1 TL 2 : bind9 (IV61090)");
  script_summary(english:"Check for APAR IV61090");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value: "The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification via DNS queries with spoofed source IP addresses. Please see following for more information : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory6.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.1", ml:"02", sp:"04", patch:"IV61090s4a", package:"bos.net.tcp.server", minfilesetver:"7.1.2.0", maxfilesetver:"7.1.2.17") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family | AIX Local Security Checks |
NASL id | AIX_IV62225.NASL |
description | The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77255 |
published | 2014-08-20 |
reporter | This script is Copyright (C) 2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/77255 |
title | AIX 6.1 TL 9 : bind9 (IV62225) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IV61027.NASL |
description | The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77250 |
published | 2014-08-20 |
reporter | This script is Copyright (C) 2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/77250 |
title | AIX 7.1 TL 3 : bind9 (IV61027) |

NASL family | DNS |
NASL id | DNS_AMPLIFICATION.NASL |
description | The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ( |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35450 |
published | 2009-01-22 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35450 |
title | DNS Server Spoofed Request Amplification DDoS |

NASL family | AIX Local Security Checks |
NASL id | AIX_IV62327.NASL |
description | The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77256 |
published | 2014-08-20 |
reporter | This script is Copyright (C) 2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/77256 |
title | AIX 5.3 TL 12 : bind9 (IV62327) |

NASL family | AIX Local Security Checks |
NASL id | AIX_IV61093.NASL |
description | The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 77252 |
published | 2014-08-20 |
reporter | This script is Copyright (C) 2014 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/77252 |
title | AIX 7.1 TL 1 : bind9 (IV61093) |

References
- http://dns.measurement-factory.com/surveys/sum1.html
- http://kb.isc.org/article/AA-00269
- http://www.securityfocus.com/archive/1/426368/100/0/threaded
- http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf