Sid 1-40362

Message

PROTOCOL-DNS ISC BIND DNS duplicate cookie denial of service attempt

Summary

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.

Impact

CVE-2016-2088:

CVSS base score 6.8

CVSS impact score 4.0

CVSS exploitability score 2.2

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2016-2088: resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
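The condition described above, more than one COOKIE option in a message's EDNS OPT record, can be checked directly on a raw DNS payload. The following is an added example, not the content of this rule and not code from Talos or ISC; the function names are hypothetical, and the sample message is constructed with zeroed cookie bytes.

```python
import struct

OPT_RR_TYPE = 41    # EDNS(0) OPT pseudo-record (RFC 6891)
COOKIE_OPTION = 10  # EDNS COOKIE option code (RFC 7873)

def _skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while off < len(msg):
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length
    raise ValueError("truncated name")

def count_cookie_options(msg):
    """Count COOKIE options in every OPT record of a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    cookies = 0
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record header")
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        if end > len(msg):
            raise ValueError("RDATA overruns message")
        while rtype == OPT_RR_TYPE and off + 4 <= end:
            code, optlen = struct.unpack_from("!HH", msg, off)
            off += 4 + optlen
            if off > end:
                raise ValueError("option overruns RDATA")
            cookies += code == COOKIE_OPTION
        off = end
    return cookies

def sample_message(n_cookies):
    """Constructed test input: header plus one OPT record, zeroed cookies."""
    rdata = struct.pack("!HH8x", COOKIE_OPTION, 8) * n_cookies
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(rdata))
    return struct.pack("!6H", 0, 0, 0, 0, 0, 1) + opt + rdata
```

A count greater than 1 from `count_cookie_options` is the condition to alert on; a `ValueError` marks a message too malformed to walk and is worth logging separately.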

Affected systems

  • ISC BIND 9.10.0
  • ISC BIND 9.10.1
  • ISC BIND 9.10.2
  • ISC BIND 9.10.3

Ease of attack

CVE-2016-2088:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information, see NVD.

Additional References

  • kb.isc.org/article/AA-01351/0/CVE-2016-2088%3A-A-response-containing-multiple-DNS-cookies-causes-servers-with-cookie-support-enabled-to-exit-with-an-assertion-failure.html