Think you have a false positive on this rule?

Sid 1-45738

Message

SERVER-OTHER ISC BIND malformed data channel authentication message denial of service attempt

Summary

This event is generated when a malformed channel authentication message is found in ISC Bind traffic.

Impact

Attempted Denial of Service

CVE-2016-1285:

CVSS base score 6.8

CVSS impact score 4.0

CVSS exploitability score 2.2

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2016-1285: named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

Affected systems

  • isc bind 9.0
  • isc bind 9.0.0
  • isc bind 9.0.1
  • isc bind 9.1
  • isc bind 9.1.0
  • isc bind 9.1.1
  • isc bind 9.1.2
  • isc bind 9.1.3
  • isc bind 9.2
  • isc bind 9.2.0
  • isc bind 9.2.1
  • isc bind 9.2.2
  • isc bind 9.2.3
  • isc bind 9.2.4
  • isc bind 9.2.5
  • isc bind 9.2.6
  • isc bind 9.2.7
  • isc bind 9.2.8
  • isc bind 9.2.9
  • isc bind 9.3
  • isc bind 9.3.0
  • isc bind 9.3.1
  • isc bind 9.3.2
  • isc bind 9.3.3
  • isc bind 9.3.4
  • isc bind 9.3.5
  • isc bind 9.3.6
  • isc bind 9.4
  • isc bind 9.4.0
  • isc bind 9.4.1
  • isc bind 9.4.2
  • isc bind 9.4.3
  • isc bind 9.5
  • isc bind 9.5.0
  • isc bind 9.5.1
  • isc bind 9.5.2
  • isc bind 9.5.3
  • isc bind 9.6
  • isc bind 9.6.0
  • isc bind 9.6.1
  • isc bind 9.6.2
  • isc bind 9.6.3
  • isc bind 9.7.0
  • isc bind 9.7.1
  • isc bind 9.7.2
  • isc bind 9.7.3
  • isc bind 9.7.4
  • isc bind 9.7.5
  • isc bind 9.7.6
  • isc bind 9.7.7
  • isc bind 9.8.0
  • isc bind 9.8.1
  • isc bind 9.8.2
  • isc bind 9.8.3
  • isc bind 9.8.4
  • isc bind 9.8.5
  • isc bind 9.8.6
  • isc bind 9.9.0
  • isc bind 9.9.1
  • isc bind 9.9.2
  • isc bind 9.9.3
  • isc bind 9.9.4
  • isc bind 9.9.5
  • isc bind 9.9.6
  • isc bind 9.9.7
  • isc bind 9.9.8
  • isc bind 9.10.0
  • isc bind 9.10.1
  • isc bind 9.10.2
  • isc bind 9.10.3
  • novell suse_manager 2.1
  • novell susemanagerproxy 2.1
  • novell suseopenstackcloud 5

Ease of attack

CVE-2016-1285:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • kb.isc.org/article/AA-01363/81/BIND-9.10.3-P4-Release-Notes.html