Think you have a false positive on this rule?

Sid 1-15734

Summary:

    PROTOCOL-DNS BIND named 9 dynamic update message remote dos attempt

Impact:

    Confidentiality Impact: NONE Integrity Impact: NONE Availability Impact: PARTIAL

Detailed Information:

    The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.

Affected Systems:

    isc bind 9.6.0b1
    isc bind 9.5.0 p2 w1 windows
    isc bind 9.5.0 p2 w2
    isc bind 9.5.0 p2 w1
    isc bind 9.4.0 rc1
    isc bind 9.4.3 rc1
    isc bind 9.6.0 rc2
    isc bind 9.6.0 rc1
    isc bind 9.5.0b1
    isc bind 9.5.0b3
    isc bind 9.5.0b2
    isc bind 9.5.1
    isc bind 9.5.0
    isc bind 9.4.2 p2 w1 windows
    isc bind 9.6.0a1
    isc bind 9.5.0a1 bind forum
    isc bind 9.5.0a7
    isc bind 9.4
    isc bind 9.5.0a2
    isc bind 9.5.0a1
    isc bind 9.5.0a4
    isc bind 9.5.0a3
    isc bind 9.5.0a6
    isc bind 9.5.0a5
    isc bind 9.4.3b3
    isc bind 9.4.3b2
    isc bind 9.4.3b1
    isc bind 9.5.0 rc1
    isc bind 9.5.1 rc2
    isc bind 9.5.1 rc1
    isc bind 9.5.1b2
    isc bind 9.5.1b1
    isc bind 9.5.1b3
    isc bind 9.4.2
    isc bind 9.6.0
    isc bind 9.4.0a6
    isc bind 9.4.1
    isc bind 9.4.0
    isc bind 9.4.0a5
    isc bind 9.4.0a4
    isc bind 9.4.0a3
    isc bind 9.4.0a2
    isc bind 9.4.0a1
    isc bind 9.4.3
    isc bind 9.6.1
    isc bind 9.5
    isc bind 9.5.0 p1
    isc bind 9.5.0 p2
    isc bind 9.6.0 p1
    isc bind 9.4.3 p2
    isc bind 9.4.0b4
    isc bind 9.4.0b3
    isc bind 9.4.0b2
    isc bind 9.4.0b1

Attack Scenarios:

    No data available

False Positives:

    None known

False Negatives:

    None known

Corrective Action:

    Upgrade to the latest non-affected version
    Apply vendor-provided patches

Contributors:

    No data available

Additional References: