7.8 - VU#264212

Executive Summary

Summary
Title	Recursive DNS resolver implementations may follow referrals infinitely

Informations
Name	VU#264212	First vendor Publication	2014-12-09
Vendor	VU-CERT	Last vendor Modification	2015-01-12
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#264212

Recursive DNS resolver implementations may follow referrals infinitely

Original Release date: 09 Dec 2014 | Last revised: 12 Jan 2015

Overview

Recursive DNS resolvers may become stuck following an infinite chain of referrals due to a malicious authoritative server.

Description

RFC 1034 describes the standard technical issues of enabling domain delegations in DNS, but does not provide a specific implementation, leaving DNS servers to provide their own methods to implement RFC 1034. In some implementations of recursive resolvers, a query to a malicious authoritative server may cause the resolver to follow an infinite chain of referrals. Attempting to follow the infinite chain can cause a denial-of-service (DoS) situation on the DNS resolver due to resource exhaustion.

This issue primarily affects recursive resolvers. Additionally, as noted in ISC Security Advisory AA-01216: "Authoritative servers can be affected if an attacker can control a delegation traversed by the authoritative server in servicing the zone."

Depending on how the resolver handles out-of-bailiwick glue records and performs simultaneous queries, it may also be possible to cause the resolver to perform a DoS attack on a target using DNS traffic.

Impact

A recursive DNS resolver following an infinite chain of referrals can result in high process memory and CPU usage and eventually process termination. The effect can range from increased server response time to clients to complete interruption of the service.

Resolvers that follow multiple referrals at once can cause large bursts of network traffic.

Solution

Apply an update

These issues are addressed by limiting the maximum number of referrals followed and the number of simultaneous queries. See the Vendor Information section below for information about specific vendors.

Vendor Information (Learn More)

Vendor	Status	Date Notified	Date Updated
EfficientIP	Affected	11 Dec 2014	22 Dec 2014
Infoblox	Affected	24 Nov 2014	11 Dec 2014
Internet Systems Consortium	Affected	-	09 Dec 2014
MaraDNS	Affected	03 Dec 2014	12 Jan 2015
NLnet Labs	Affected	-	09 Dec 2014
PowerDNS	Affected	-	09 Dec 2014
CZ NIC	Not Affected	17 Dec 2014	18 Dec 2014
djbdns	Not Affected	03 Dec 2014	10 Dec 2014
dnsmasq	Not Affected	03 Dec 2014	05 Dec 2014
European Registry for Internet Domains	Not Affected	17 Dec 2014	18 Dec 2014
gdnsd	Not Affected	17 Dec 2014	18 Dec 2014
GNU adns	Not Affected	03 Dec 2014	17 Dec 2014
GNU glibc	Not Affected	-	18 Dec 2014
Microsoft Corporation	Not Affected	18 Dec 2014	29 Dec 2014
Nominum	Not Affected	24 Nov 2014	09 Dec 2014

If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group	Score	Vector
Base	4.3	AV:N/AC:M/Au:N/C:N/I:N/A:P
Temporal	3.4	E:POC/RL:OF/RC:C
Environmental	3.4	CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

https://www.ietf.org/rfc/rfc1034.txt
http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html

Credit

ISC would like to thank Florian Maury (ANSSI) for discovering and reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs:CVE-2014-8601CVE-2014-8500CVE-2014-8602
Date Public:08 Dec 2014
Date First Published:09 Dec 2014
Date Last Updated:12 Jan 2015
Document Revision:50

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/264212

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27828

Oval ID:	oval:org.mitre.oval:def:27828
Title:	USN-2437-1 -- Bind vulnerability
Description:	Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service.
Family:	unix	Class:	patch
Reference(s):	USN-2437-1 CVE-2014-8500	Version:	3
Platform(s):	Ubuntu 14.10 Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	bind9
Definition Synopsis:
Ubuntu 14.10 release section Ubuntu 14.10 is installed AND bind9 is earlier than 1:9.9.5.dfsg-4.3ubuntu0.1 AND Ubuntu 14.04 release section Ubuntu 14.04 is installed AND bind9 is earlier than 1:9.9.5.dfsg-3ubuntu0.1 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND bind9 is earlier than 1:9.8.1.dfsg.P1-4ubuntu0.9 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND bind9 is earlier than 1:9.7.0.dfsg.P1-1ubuntu0.12

Definition Id: oval:org.mitre.oval:def:28002

Oval ID:	oval:org.mitre.oval:def:28002
Title:	DSA-3096-1 -- pdns-recursor security update
Description:	Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server : a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.
Family:	unix	Class:	patch
Reference(s):	DSA-3096-1 CVE-2014-8601	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	pdns-recursor
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND pdns-recursor is earlier than 0:3.3-3+deb7u1

Definition Id: oval:org.mitre.oval:def:28079

Oval ID:	oval:org.mitre.oval:def:28079
Title:	ELSA-2014-1985 -- bind97 security update (important)
Description:	[32:9.7.0-21.P2.1] - Fix CVE-2014-8500 (#1171972)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1985 CVE-2014-8500	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	bind97
Definition Synopsis:
Oracle Linux 5.x Packages match section bind97 is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-chroot is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-devel is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-libs is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-utils is earlier than 32:9.7.0-21.P2.el5_11.1

Definition Id: oval:org.mitre.oval:def:28292

Oval ID:	oval:org.mitre.oval:def:28292
Title:	DSA-3094-1 -- bind9 security update
Description:	It was discovered that BIND, a DNS server, is prone to a denial of service vulnerability.
Family:	unix	Class:	patch
Reference(s):	DSA-3094-1 CVE-2014-8500	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	bind9
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND bind9 is earlier than 1:9.8.4.dfsg.P1-6+nmu2+deb7u3

Definition Id: oval:org.mitre.oval:def:28311

Oval ID:	oval:org.mitre.oval:def:28311
Title:	HP-UX Running BIND Remote Denial of Service (DoS)
Description:	ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-8500	Version:	7
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
HP-UX B.11.31 AND filesets test NameService.BIND-AUX version is less than C.9.7.3.6.0 AND NameService.BIND-RUN version is less than C.9.7.3.6.0

Definition Id: oval:org.mitre.oval:def:28332

Oval ID:	oval:org.mitre.oval:def:28332
Title:	DSA-3097-1 -- unbound security update
Description:	Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit (or make emit) queries to the server can trick the resolver into following an endless series of delegations, leading to resource exhaustion and huge network usage.
Family:	unix	Class:	patch
Reference(s):	DSA-3097-1 CVE-2014-8602	Version:	3
Platform(s):	Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0	Product(s):	unbound
Definition Synopsis:
Debian 7 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND unbound is earlier than 0:1.4.17-3+deb7u2

Definition Id: oval:org.mitre.oval:def:28485

Oval ID:	oval:org.mitre.oval:def:28485
Title:	ELSA-2014-1984 -- bind security update (important)
Description:	[32:9.9.4-14.0.1.el7_0.1] - Rebuild to fix libmysqlclient dependency [32:9.9.4-14.1] - Fix CVE-2014-8500 (#1171975)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1984 CVE-2014-8500	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6 Oracle Linux 7	Product(s):	bind
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section bind is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-chroot is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libbind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libs is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-sdb is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-utils is earlier than 30:9.3.6-25.P1.el5_11.2 AND caching-nameserver is earlier than 30:9.3.6-25.P1.el5_11.2 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section bind is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-chroot is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-devel is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-libs is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-sdb is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-utils is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND Oracle Linux 7 release section Oracle Linux 7.x Packages match section bind is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-chroot is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-devel is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-libs is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-libs-lite is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-license is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-lite-devel is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-sdb is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-sdb-chroot is earlier than 32:9.9.4-14.0.1.el7_0.1 AND bind-utils is earlier than 32:9.9.4-14.0.1.el7_0.1

Definition Id: oval:org.mitre.oval:def:28498

Oval ID:	oval:org.mitre.oval:def:28498
Title:	RHSA-2014:1985 -- bind97 security update (Important)
Description:	The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1985 CESA-2014:1985 CVE-2014-8500	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	bind97
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section bind97 is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-chroot is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-debuginfo is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-devel is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-libs is earlier than 32:9.7.0-21.P2.el5_11.1 AND bind97-utils is earlier than 32:9.7.0-21.P2.el5_11.1

Definition Id: oval:org.mitre.oval:def:28588

Oval ID:	oval:org.mitre.oval:def:28588
Title:	RHSA-2014:1984 -- bind security update (Important)
Description:	The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1984 CESA-2014:1984-CentOS 6 CESA-2014:1984-CentOS 7 CESA-2014:1984-CentOS 5 CVE-2014-8500	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 CentOS Linux 6 CentOS Linux 7 CentOS Linux 5	Product(s):	bind
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section bind-chroot is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-debuginfo is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libbind-devel is earlier than 30:9.3.6-25.P1.el5_11.2 AND caching-nameserver is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-libs is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-sdb is earlier than 30:9.3.6-25.P1.el5_11.2 AND bind-utils is earlier than 30:9.3.6-25.P1.el5_11.2 AND Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section bind is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-chroot is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-devel is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-libs is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-sdb is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND bind-utils is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND bind-debuginfo is earlier than 32:9.8.2-0.30.rc1.el6_6.1 AND Red Hat Enterprise Linux 7 and CentOS Linux 7 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 7 AND The operating system installed on the system is CentOS Linux 7.x Packages match section bind is earlier than 32:9.9.4-14.el7_0.1 AND bind-chroot is earlier than 32:9.9.4-14.el7_0.1 AND bind-devel is earlier than 32:9.9.4-14.el7_0.1 AND bind-libs is earlier than 32:9.9.4-14.el7_0.1 AND bind-libs-lite is earlier than 32:9.9.4-14.el7_0.1 AND bind-license is earlier than 32:9.9.4-14.el7_0.1 AND bind-lite-devel is earlier than 32:9.9.4-14.el7_0.1 AND bind-sdb is earlier than 32:9.9.4-14.el7_0.1 AND bind-sdb-chroot is earlier than 32:9.9.4-14.el7_0.1 AND bind-utils is earlier than 32:9.9.4-14.el7_0.1 AND Red Hat Enterprise Linux 7 release section The operating system installed on the system is Red Hat Enterprise Linux 7 AND bind-debuginfo is earlier than 32:9.9.4-14.el7_0.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Isc Bind cpe:2.3:a:isc:bind:9.9.6:::::::* cpe:2.3:a:isc:bind:9.9.5:::::::* cpe:2.3:a:isc:bind:9.9.4:::::::* cpe:2.3:a:isc:bind:9.9.3:::::::* cpe:2.3:a:isc:bind:9.9.2:::::::* cpe:2.3:a:isc:bind:9.9.1:::::::* cpe:2.3:a:isc:bind:9.9.0:::::::* cpe:2.3:a:isc:bind:9.8.6:::::::* cpe:2.3:a:isc:bind:9.8.5::::-::: cpe:2.3:a:isc:bind:9.8.4::::-::: cpe:2.3:a:isc:bind:9.8.3::::-::: cpe:2.3:a:isc:bind:9.8.2::::-::: cpe:2.3:a:isc:bind:9.8.1::::-::: cpe:2.3:a:isc:bind:9.8.0::::-::: cpe:2.3:a:isc:bind:9.7.7::::-::: cpe:2.3:a:isc:bind:9.7.6::::-::: cpe:2.3:a:isc:bind:9.7.5::::-::: cpe:2.3:a:isc:bind:9.7.4::::-::: cpe:2.3:a:isc:bind:9.7.3::::-::: cpe:2.3:a:isc:bind:9.7.2::::-::: cpe:2.3:a:isc:bind:9.7.1::::-::: cpe:2.3:a:isc:bind:9.7.0::::-::: cpe:2.3:a:isc:bind:9.6.3::::-::: cpe:2.3:a:isc:bind:9.6.2::::-::: cpe:2.3:a:isc:bind:9.6.1::::-::: cpe:2.3:a:isc:bind:9.6.0::::-::: cpe:2.3:a:isc:bind:9.5.3:::::::* cpe:2.3:a:isc:bind:9.5.2::::-::: cpe:2.3:a:isc:bind:9.5.1::::-::: cpe:2.3:a:isc:bind:9.5.0::::-::: cpe:2.3:a:isc:bind:9.5::::-::: cpe:2.3:a:isc:bind:9.4.3::::-::: cpe:2.3:a:isc:bind:9.4.2::::-::: cpe:2.3:a:isc:bind:9.4.1::::-::: cpe:2.3:a:isc:bind:9.4.0::::-::: cpe:2.3:a:isc:bind:9.4::::-::: cpe:2.3:a:isc:bind:9.3.6::::-::: cpe:2.3:a:isc:bind:9.3.5::::-::: cpe:2.3:a:isc:bind:9.3.4::::-::: cpe:2.3:a:isc:bind:9.3.3::::-::: cpe:2.3:a:isc:bind:9.3.2::::-::: cpe:2.3:a:isc:bind:9.3.1::::-::: cpe:2.3:a:isc:bind:9.3.0::::-::: cpe:2.3:a:isc:bind:9.3::::-::: cpe:2.3:a:isc:bind:9.2.9::::-::: cpe:2.3:a:isc:bind:9.2.8::::-::: cpe:2.3:a:isc:bind:9.2.7::::-::: cpe:2.3:a:isc:bind:9.2.6::::-::: cpe:2.3:a:isc:bind:9.2.5::::-::: cpe:2.3:a:isc:bind:9.2.4::::-::: cpe:2.3:a:isc:bind:9.2.3::::-::: cpe:2.3:a:isc:bind:9.2.2::::-::: cpe:2.3:a:isc:bind:9.2.1::::-::: cpe:2.3:a:isc:bind:9.2.0::::-::: cpe:2.3:a:isc:bind:9.2::::-::: cpe:2.3:a:isc:bind:9.10.1:::::::* cpe:2.3:a:isc:bind:9.10.0:::::::* cpe:2.3:a:isc:bind:9.1.3::::-::: cpe:2.3:a:isc:bind:9.1.2::::-::: cpe:2.3:a:isc:bind:9.1.1::::-::: cpe:2.3:a:isc:bind:9.1::::-::: cpe:2.3:a:isc:bind:9.0.1::::-::: cpe:2.3:a:isc:bind:9.0::::-:::	63
Application	Nlnetlabs Unbound cpe:2.3:a:nlnetlabs:unbound:1.4.9:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.8:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.7:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.6:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.5:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.4:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.3:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.2:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.1:::::::* cpe:2.3:a:nlnetlabs:unbound:1.4.0:::::::* cpe:2.3:a:nlnetlabs:unbound:1.3.4:::::::* cpe:2.3:a:nlnetlabs:unbound:1.3.3:::::::* cpe:2.3:a:nlnetlabs:unbound:1.3.2:::::::* cpe:2.3:a:nlnetlabs:unbound:1.3.1:::::::* cpe:2.3:a:nlnetlabs:unbound:1.3.0:::::::* cpe:2.3:a:nlnetlabs:unbound:1.2.1:::::::* cpe:2.3:a:nlnetlabs:unbound:1.2.0:::::::* cpe:2.3:a:nlnetlabs:unbound:1.1.1:::::::* cpe:2.3:a:nlnetlabs:unbound:1.1.0:::::::* cpe:2.3:a:nlnetlabs:unbound:1.0.2:::::::* cpe:2.3:a:nlnetlabs:unbound:1.0.1:::::::* cpe:2.3:a:nlnetlabs:unbound:1.0.0:::::::* cpe:2.3:a:nlnetlabs:unbound:0.8:::::::* cpe:2.3:a:nlnetlabs:unbound:0.7.2:::::::* cpe:2.3:a:nlnetlabs:unbound:0.7.1:::::::* cpe:2.3:a:nlnetlabs:unbound:0.7:::::::* cpe:2.3:a:nlnetlabs:unbound:0.6:::::::* cpe:2.3:a:nlnetlabs:unbound:0.5:::::::* cpe:2.3:a:nlnetlabs:unbound:0.4:::::::* cpe:2.3:a:nlnetlabs:unbound:0.3:::::::* cpe:2.3:a:nlnetlabs:unbound:0.2:::::::* cpe:2.3:a:nlnetlabs:unbound:0.11:::::::* cpe:2.3:a:nlnetlabs:unbound:0.10:::::::* cpe:2.3:a:nlnetlabs:unbound:0.1:::::::* cpe:2.3:a:nlnetlabs:unbound:0.09:::::::* cpe:2.3:a:nlnetlabs:unbound:0.0:::::::* cpe:2.3:a:nlnetlabs:unbound::::::::	37
Application	Powerdns Recursor cpe:2.3:a:powerdns:recursor:3.6.1:::::::* cpe:2.3:a:powerdns:recursor:3.6.0:::::::* cpe:2.3:a:powerdns:recursor:3.5.3:::::::* cpe:2.3:a:powerdns:recursor:3.5.2:::::::* cpe:2.3:a:powerdns:recursor:3.5.1:::::::* cpe:2.3:a:powerdns:recursor:3.5:::::::* cpe:2.3:a:powerdns:recursor:3.1.7.1:::::::* cpe:2.3:a:powerdns:recursor:3.1.7:::::::* cpe:2.3:a:powerdns:recursor:3.1.6:::::::* cpe:2.3:a:powerdns:recursor:3.1.5:::::::* cpe:2.3:a:powerdns:recursor:3.1.4:::::::* cpe:2.3:a:powerdns:recursor:3.1.3:::::::* cpe:2.3:a:powerdns:recursor:3.1.2:::::::* cpe:2.3:a:powerdns:recursor:3.1.1:::::::* cpe:2.3:a:powerdns:recursor:3.1:::::::* cpe:2.3:a:powerdns:recursor:3.0.1:::::::* cpe:2.3:a:powerdns:recursor:3.0:::::::* cpe:2.3:a:powerdns:recursor:2.9.18:::::::* cpe:2.3:a:powerdns:recursor:2.9.17:::::::* cpe:2.3:a:powerdns:recursor:2.9.16:::::::* cpe:2.3:a:powerdns:recursor:2.9.15:::::::* cpe:2.3:a:powerdns:recursor:2.8:::::::* cpe:2.3:a:powerdns:recursor:2.0_rc1:::::::* cpe:2.3:a:powerdns:recursor::::::::	24
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::	2
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:7.0:::::::*	1

Snort® IPS/IDS

Date	Description
2015-03-31	ISC BIND recursive resolver resource consumption denial of service attempt RuleID : 33583 - Revision : 8 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date	Description
2017-04-21	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2016-06-22	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0055.nasl - Type : ACT_GATHER_INFO
2016-01-29	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0078.nasl - Type : ACT_GATHER_INFO
2016-01-15	Name : The remote name server is affected by a denial of service vulnerability. File : powerdns_recursor_3_6_2.nasl - Type : ACT_GATHER_INFO
2016-01-12	Name : The remote name server is affected by a denial of service vulnerability. File : unbound_1_5_1.nasl - Type : ACT_GATHER_INFO
2015-12-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151119_unbound_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2455.nasl - Type : ACT_GATHER_INFO
2015-11-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2455.nasl - Type : ACT_GATHER_INFO
2015-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2455.nasl - Type : ACT_GATHER_INFO
2015-09-22	Name : The remote host is missing a security update for OS X Server. File : macosx_server_5_0_3.nasl - Type : ACT_GATHER_INFO
2015-07-31	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0105.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0096-1.nasl - Type : ACT_GATHER_INFO
2015-04-22	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-111-01.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-165.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-112.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-107.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-104.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15927.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68997.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68996.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68995.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68994.nasl - Type : ACT_GATHER_INFO
2015-02-25	Name : The remote AIX host is missing a security patch. File : aix_IV68993.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote name server is affected by multiple vulnerabilities. File : bind9_997_rc2.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote name server is affected by multiple vulnerabilities. File : bind9_9102_rc2.nasl - Type : ACT_GATHER_INFO
2015-02-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201502-03.nasl - Type : ACT_GATHER_INFO
2015-02-09	Name : The remote Fedora host is missing a security update. File : fedora_2015-1263.nasl - Type : ACT_GATHER_INFO
2015-02-05	Name : The remote Fedora host is missing a security update. File : fedora_2015-1198.nasl - Type : ACT_GATHER_INFO
2015-01-27	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2484-1.nasl - Type : ACT_GATHER_INFO
2015-01-09	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-465.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote Fedora host is missing a security update. File : fedora_2014-16576.nasl - Type : ACT_GATHER_INFO
2015-01-06	Name : The remote Fedora host is missing a security update. File : fedora_2014-16557.nasl - Type : ACT_GATHER_INFO
2014-12-26	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0084.nasl - Type : ACT_GATHER_INFO
2014-12-26	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-800.nasl - Type : ACT_GATHER_INFO
2014-12-26	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15931.nasl - Type : ACT_GATHER_INFO
2014-12-23	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-798.nasl - Type : ACT_GATHER_INFO
2014-12-23	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-33.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote Fedora host is missing a security update. File : fedora_2014-16671.nasl - Type : ACT_GATHER_INFO
2014-12-22	Name : The remote Fedora host is missing a security update. File : fedora_2014-16647.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1985.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1984.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-238.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ab3e98d9817511e4907dd050992ecde8.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3097.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3096.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1985.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1984.nasl - Type : ACT_GATHER_INFO
2014-12-12	Name : The remote name server is affected by multiple denial of service vulnerabilit... File : bind9_9101_p1.nasl - Type : ACT_GATHER_INFO
2014-12-10	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2437-1.nasl - Type : ACT_GATHER_INFO
2014-12-09	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3094.nasl - Type : ACT_GATHER_INFO
2014-12-09	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_10d735297f4b11e4af6600215af774f0.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-01-16 13:26:31	Multiple Updates
2016-01-13 13:25:14	Multiple Updates
2015-03-31 21:26:22	Multiple Updates
2015-02-10 13:24:30	Multiple Updates
2015-02-06 13:24:30	Multiple Updates
2015-01-12 21:26:33	Multiple Updates
2014-12-30 17:23:16	Multiple Updates
2014-12-29 21:22:58	Multiple Updates
2014-12-24 00:22:18	Multiple Updates
2014-12-23 05:25:57	Multiple Updates
2014-12-22 21:22:27	Multiple Updates
2014-12-19 21:22:01	Multiple Updates
2014-12-19 00:21:41	Multiple Updates
2014-12-18 21:22:03	Multiple Updates
2014-12-18 13:23:11	Multiple Updates
2014-12-18 00:21:47	Multiple Updates
2014-12-16 13:25:54	Multiple Updates
2014-12-15 21:22:32	Multiple Updates
2014-12-12 09:31:00	Multiple Updates
2014-12-12 00:20:57	Multiple Updates
2014-12-11 21:27:21	Multiple Updates
2014-12-11 09:28:00	Multiple Updates
2014-12-10 21:28:56	Multiple Updates
2014-12-10 21:23:20	Multiple Updates
2014-12-10 09:22:48	First insertion

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	9
CPE ID(s)	127
Snort® Rule(s)	1
Nessus® Exploit(s)	51

	Related
7.8	CVE-2014-8500
5	CVE-2014-8601
4.3	CVE-2014-8602
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)