Vulnerabilities > CVE-2006-0987 - Denial-Of-Service vulnerability in ISC Bind 9.3.2

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
isc
nessus
metasploit

Summary

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. This vulnerability affects ISC BIND versions 9.3.2 and earlier. Because the weakness lies in the default configuration, exposure depends on whether the resolver answers recursive queries from addresses outside its intended clients.

Vulnerable Configurations

Part Description Count
Application
Isc
1

Metasploit

descriptionThis module can be used to discover DNS servers which expose recursive name lookups which can be used in an amplification attack against a third party.
idMSF:AUXILIARY/SCANNER/DNS/DNS_AMP
last seen2019-12-19
modified2017-08-27
published2014-01-29
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/dns/dns_amp.rb
titleDNS Amplification Scanner

Nessus

  • NASL familyAIX Local Security Checks
    NASL idAIX_IV62224.NASL
    descriptionThe default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    last seen2020-06-01
    modified2020-06-02
    plugin id77254
    published2014-08-20
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77254
    titleAIX 6.1 TL 7 : bind9 (IV62224)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text in the description was extracted from AIX Security
    # Advisory bind9_advisory6.asc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set, the script only declares
    # the metadata below and exits; nothing on the host is evaluated here.
    if (description)
    {
      script_id(77254);
      script_version("$Revision: 1.1 $");
      script_cvs_date("$Date: 2014/08/20 15:13:32 $");
    
      # Ties this AIX interim-fix check to the BIND recursion/amplification CVE.
      script_cve_id("CVE-2006-0987");
    
      script_name(english:"AIX 6.1 TL 7 : bind9 (IV62224)");
      script_summary(english:"Check for APAR IV62224");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a security patch."
      );
      # NOTE(review): the description string never closes the parenthesis opened
      # before "traffic amplification"; the text is kept exactly as published.
      script_set_attribute(
        attribute:"description", 
        value:
    "The default configuration of ISC BIND before 9.4.1-P1, when configured
    as a caching name server, allows recursive queries and provides
    additional delegation information to arbitrary IP addresses, which
    allows remote attackers to cause a denial of service (traffic
    amplification via DNS queries with spoofed source IP addresses. Please
    see following for more information :
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory6.asc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate interim fix."
      );
      # CVSS v2 vector: network reachable, low complexity, no authentication;
      # partial availability impact, no confidentiality or integrity impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Declared as a local check: the required KB keys below are host-collected
      # data (fileset listing, AIX version), so the DNS service is not queried.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");
    
      # NOTE(review): vuln_publication_date equals the patch date although the CVE
      # identifier is from 2006 - presumably the AIX advisory date; confirm before
      # using it to reason about how long a host has been exposed.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      # Declares a dependency on ssh_get_info.nasl and requires these KB keys;
      # presumably that dependency is what populates them - verify in the feed.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
    
      # Metadata declared; stop before the check logic.
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    include("misc_func.inc");
    
    # Preconditions: local checks enabled, an AIX version recorded, and the
    # Host/AIX/lslpp key present in the knowledge base. Each missing item is
    # handed to audit() with the matching AUDIT_* reason.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # NOTE(review): when Host/AIX/emgr_failure is set the script exits with status 0
    # and a message instead of a finding, so an unpatched host yields no warning
    # from this plugin - look for this message when reviewing scan output.
    if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
    
    # Counts missing interim fixes; this plugin performs a single check.
    flag = 0;
    
    # Interim fix IV62224m9a for fileset bos.net.tcp.server, fileset versions
    # 6.1.7.0 through 6.1.7.20, release 6.1 (ml "07"/sp "09" presumably the
    # technology level and service pack). A negative return counts as missing.
    if (aix_check_ifix(release:"6.1", ml:"07", sp:"09", patch:"IV62224m9a", package:"bos.net.tcp.server", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.20") < 0) flag++;
    
    # Missing fix: raise the finding via security_warning() on port 0, adding the
    # aix_report_get() text when report_verbosity is above 0. Otherwise the host
    # is audited as not affected.
    # NOTE(review): that verdict covers the interim fix only. The CVE describes a
    # default that offers recursion to arbitrary addresses, so also confirm that
    # the resolver limits recursive service to its intended clients.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV62146.NASL
    descriptionThe default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    last seen2020-06-01
    modified2020-06-02
    plugin id77253
    published2014-08-20
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77253
    titleAIX 6.1 TL 8 : bind9 (IV62146)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text in the description was extracted from AIX Security
    # Advisory bind9_advisory6.asc.
    #
    
    include("compat.inc");
    
    # Registration phase: with `description` set, only the plugin metadata is
    # declared and the script exits before any host data is examined.
    if (description)
    {
      script_id(77253);
      script_version("$Revision: 1.1 $");
      script_cvs_date("$Date: 2014/08/20 15:13:32 $");
    
      # Links the APAR IV62146 patch check to CVE-2006-0987.
      script_cve_id("CVE-2006-0987");
    
      script_name(english:"AIX 6.1 TL 8 : bind9 (IV62146)");
      script_summary(english:"Check for APAR IV62146");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a security patch."
      );
      # NOTE(review): the published description leaves the parenthesis before
      # "traffic amplification" unclosed; the string is reproduced unchanged.
      script_set_attribute(
        attribute:"description", 
        value:
    "The default configuration of ISC BIND before 9.4.1-P1, when configured
    as a caching name server, allows recursive queries and provides
    additional delegation information to arbitrary IP addresses, which
    allows remote attackers to cause a denial of service (traffic
    amplification via DNS queries with spoofed source IP addresses. Please
    see following for more information :
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory6.asc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate interim fix."
      );
      # CVSS v2: reachable over the network, low complexity, no authentication,
      # availability-only impact (partial).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Local plugin type: the required KB keys below are data gathered on the
      # host, so the name server is not queried by this plugin.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");
    
      # NOTE(review): the vulnerability date matches the patch date (2014/08/15)
      # even though the CVE id dates from 2006 - presumably the AIX advisory date.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      # Declared dependency and required KB keys; the keys are presumably written
      # by ssh_get_info.nasl during an authenticated scan - verify in the feed.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
    
      # Nothing else to do in the registration phase.
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    include("misc_func.inc");
    
    # Guard clauses: without local checks, an AIX version, or the Host/AIX/lslpp
    # key there is nothing to evaluate, and audit() records the reason.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # NOTE(review): a recorded emgr failure ends the script with status 0 and a
    # message rather than a finding; treat that message as "not assessed", not as
    # "patched", when triaging results.
    if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
    
    # Number of interim-fix checks that reported a missing fix.
    flag = 0;
    
    # Interim fix IV62146m4a for fileset bos.net.tcp.server, fileset versions
    # 6.1.8.0 through 6.1.8.17, release 6.1 (ml "08"/sp "04" presumably the
    # technology level and service pack). A negative return counts as missing.
    if (aix_check_ifix(release:"6.1", ml:"08", sp:"04", patch:"IV62146m4a", package:"bos.net.tcp.server", minfilesetver:"6.1.8.0", maxfilesetver:"6.1.8.17") < 0) flag++;
    
    # A missing fix is reported through security_warning() on port 0, with the
    # aix_report_get() detail when report_verbosity is above 0; otherwise the
    # host is audited as not affected.
    # NOTE(review): "not affected" here means the interim fix is present. The
    # underlying issue is recursion offered to arbitrary addresses, so the
    # resolver's recursion policy still needs its own review.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV61090.NASL
    descriptionThe default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    last seen2020-06-01
    modified2020-06-02
    plugin id77251
    published2014-08-20
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77251
    titleAIX 7.1 TL 2 : bind9 (IV61090)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text in the description was extracted from AIX Security
    # Advisory bind9_advisory6.asc.
    #
    
    include("compat.inc");
    
    # Registration phase: `description` being set means only metadata is declared
    # here; the script exits at the end of this block without checking the host.
    if (description)
    {
      script_id(77251);
      script_version("$Revision: 1.1 $");
      script_cvs_date("$Date: 2014/08/20 15:13:32 $");
    
      # Associates the APAR IV61090 patch check with CVE-2006-0987.
      script_cve_id("CVE-2006-0987");
    
      script_name(english:"AIX 7.1 TL 2 : bind9 (IV61090)");
      script_summary(english:"Check for APAR IV61090");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a security patch."
      );
      # NOTE(review): the parenthesis opened before "traffic amplification" is
      # never closed in the published text; the string is left untouched.
      script_set_attribute(
        attribute:"description", 
        value:
    "The default configuration of ISC BIND before 9.4.1-P1, when configured
    as a caching name server, allows recursive queries and provides
    additional delegation information to arbitrary IP addresses, which
    allows remote attackers to cause a denial of service (traffic
    amplification via DNS queries with spoofed source IP addresses. Please
    see following for more information :
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory6.asc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate interim fix."
      );
      # CVSS v2 vector: network access, low complexity, no authentication; only
      # availability is affected (partial).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Local check against AIX 7.1: the required KB keys below are host-collected
      # data, so the DNS service itself is not probed.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");
    
      # NOTE(review): vulnerability and patch dates are both 2014/08/15 while the
      # CVE id is from 2006 - presumably the AIX advisory date; confirm if needed.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and requires these KB keys,
      # which that dependency presumably populates - verify in the feed.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
    
      # End of registration.
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    include("misc_func.inc");
    
    # Each guard hands a missing prerequisite (local checks, AIX version, the
    # Host/AIX/lslpp key) to audit() with the corresponding AUDIT_* reason.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # NOTE(review): if Host/AIX/emgr_failure is set, the script exits with status 0
    # and only a message, so no finding is produced even for an unpatched host -
    # the message marks the host as unassessed for this fix.
    if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
    
    # Incremented once per interim-fix check that comes back negative.
    flag = 0;
    
    # Interim fix IV61090s4a for fileset bos.net.tcp.server, fileset versions
    # 7.1.2.0 through 7.1.2.17, release 7.1 (ml "02"/sp "04" presumably the
    # technology level and service pack). A negative return counts as missing.
    if (aix_check_ifix(release:"7.1", ml:"02", sp:"04", patch:"IV61090s4a", package:"bos.net.tcp.server", minfilesetver:"7.1.2.0", maxfilesetver:"7.1.2.17") < 0) flag++;
    
    # With a missing fix, security_warning() is raised on port 0 (carrying the
    # aix_report_get() text when report_verbosity is above 0); with none, the
    # host is audited as not affected.
    # NOTE(review): the result reflects interim-fix presence only. Since the CVE
    # concerns recursion being offered to arbitrary addresses, check separately
    # that recursive service is limited to the intended client networks.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV62225.NASL
    descriptionThe default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    last seen2020-06-01
    modified2020-06-02
    plugin id77255
    published2014-08-20
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77255
    titleAIX 6.1 TL 9 : bind9 (IV62225)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV61027.NASL
    descriptionThe default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    last seen2020-06-01
    modified2020-06-02
    plugin id77250
    published2014-08-20
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77250
    titleAIX 7.1 TL 3 : bind9 (IV61027)
  • NASL familyDNS
    NASL idDNS_AMPLIFICATION.NASL
    descriptionThe remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone (
    last seen2020-06-01
    modified2020-06-02
    plugin id35450
    published2009-01-22
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35450
    titleDNS Server Spoofed Request Amplification DDoS
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV62327.NASL
    descriptionThe default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    last seen2020-06-01
    modified2020-06-02
    plugin id77256
    published2014-08-20
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77256
    titleAIX 5.3 TL 12 : bind9 (IV62327)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IV61093.NASL
    descriptionThe default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. Please see the following for more information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0987
    last seen2020-06-01
    modified2020-06-02
    plugin id77252
    published2014-08-20
    reporterThis script is Copyright (C) 2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77252
    titleAIX 7.1 TL 1 : bind9 (IV61093)