Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0987

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0987
Last Modified 19 Aug 2013 09:46:07
Published 03 Mar 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0987

Summary

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Vulnerable Systems

Application

  • Isc Bind 9.3.2


References

MISC - http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

BUGTRAQ - 20060228 recursive DNS servers DDoS as a growing DDoS problem

MISC - http://dns.measurement-factory.com/surveys/sum1.html

CONFIRM - http://kb.isc.org/article/AA-00269


Last Updated: 27 May 2016 10:47:31