Vulnerabilities > CVE-2006-2073 - Denial Of Service vulnerability in ISC BIND TSIG Zone Transfer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Nessus
NASL family | DNS |
NASL id | BIND9_DOS2.NASL |
description | The version of BIND installed on the remote host suggests that it suffers from multiple denial of service vulnerabilities that could be triggered by either by sending a large volume of recursive queries or queries for SIG records where there are multiple SIG(covered) RRsets. Note that Nessus obtained the version by sending a special DNS request for the text |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22311 |
published | 2006-09-07 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22311 |
title | ISC BIND 9 Multiple Remote DoS |
Statements
contributor | Mark J Cox |
lastmodified | 2007-07-19 |
organization | Red Hat |
statement | This issue did not affect the version of bind as shipped with Red Hat Enterprise Linux 5. We do not believe this issue has a security consequence for earlier versions of Red Hat Enterprise Linux. For details please see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192192 |
References
- http://secunia.com/advisories/19808
- http://securitytracker.com/id?1015993
- http://www.kb.cert.org/vuls/id/955777
- http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en
- http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en
- http://www.securityfocus.com/bid/17692
- http://www.vupen.com/english/advisories/2006/1505
- http://www.vupen.com/english/advisories/2006/1537
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26081