- Home
- CVEs with nessus.description==According to its self-reported version number, the instance of ISC BIND running on the remote name server is affected by multiple denial of service vulnerabilities :
- A denial of service vulnerability exists in files sexpr.c and alist.c when handling control channel packets. An unauthenticated, remote attacker can exploit this, via crafted packets sent to the control channel (rndc) interface, to cause an assertion failure and daemon exit. (CVE-2016-1285)
- A denial of service vulnerability exists in resolver.c when DNS cookies are enabled. An unauthenticated, remote attacker can exploit this, via a malformed cookie with more than one cookie option, to cause an INSIST assertion failure and daemon exit. (CVE-2016-2088)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top