Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER ISC BIND malformed data channel authentication message denial of service attempt

Rule Explanation

This event is generated when a malformed channel authentication message is found in ISC BIND traffic.

Impact: Attempted Denial of Service

Details:

Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Details
Severity Base Score: 6.8
Impact Score: 4.0
Exploit Score: 2.2
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Access Vector:
Authentication:
Ease of Access: