| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
A vulnerability classified as problematic has been found in ISC BIND 9.10.0/9.10.1 (Domain Name Software). This affects an unknown function of the component GeoIP Handler. The manipulation with an unknown input leads to a config vulnerability. CWE is classifying the issue as CWE-16. This is going to have an impact on availability.
The weakness was published 12/08/2014 as Defects in GeoIP features can cause BIND to crash as confirmed advisory (Website). It is possible to read the advisory at kb.isc.org. This vulnerability is uniquely identified as CVE-2014-8680 since 11/07/2014. The exploitability is told to be difficult. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592.004 according to MITRE ATT&CK. The advisory points out:
Multiple errors have been identified in the GeoIP features added in BIND 9.10. Two are capable of crashing BIND -- triggering either can cause named to exit with an assertion failure, resulting in a denial of service condition. A third defect is also corrected, which could have caused GeoIP databases to not be loaded properly if their location was changed while BIND was running. The GeoIP features in BIND 9.10 are enabled by a compile-time option which is not selected by default. If you did not compile your BIND binary, or do not know whether you selected GeoIP features, you can test whether the functionality is compiled in by examining the output of the command "named -V" for "--with-geoip". Only servers which were compiled with GeoIP enabled can be affected by these defects. Servers which encounter either of the first two defects will terminate with an "assertion failure" error.
The vulnerability scanner Nessus provides a plugin with the ID 79861 (ISC BIND 9 Multiple DoS Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family DNS.
Upgrading to version 9.10.1-P1 eliminates this vulnerability. The upgrade is hosted for download at isc.org. A possible mitigation has been published immediately after the disclosure of the vulnerability. The advisory contains the following remark:
Of the two errors, the first can occur with server binaries which were configured with GeoIP enabled if an IPv4 GeoIP database is loaded but no corresponding IPv6 database is found or if an IPv6 GeoIP database is loaded but no corresponding IPv4 database is found. This error can be avoided by ensuring that both IPv6 and IPv4 GeoIP databases are loaded. A workaround for the second error is to disable IPv6 support by running named with the -4 option or configuring with "listen-on-v6 { none; };".
The vulnerability is also documented in the databases at X-Force (99188) and Tenable (79861). Further details are available at kb.isc.org. Similar entry is available at 68356.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.9
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: ConfigCWE: CWE-16
ATT&CK: T1592.004
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 79861
Nessus Name: ISC BIND 9 Multiple DoS Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 18627
OpenVAS Name: Gentoo Linux Local Check: https://security.gentoo.org/glsa/201502-03
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: BIND 9.10.1-P1
Timeline
11/07/2014 🔍12/08/2014 🔍
12/08/2014 🔍
12/08/2014 🔍
12/09/2014 🔍
12/09/2014 🔍
12/10/2014 🔍
12/14/2014 🔍
02/27/2022 🔍
Sources
Vendor: isc.orgAdvisory: Defects in GeoIP features can cause BIND to crash
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-8680 (🔍)
X-Force: 99188 - ISC BIND GeoIP features denial of service, Medium Risk
SecurityTracker: 1031312 - ISC BIND GeoIP Bugs Let Remote Users Deny Service
Vulnerability Center: 47577 - ISC BIND 9.10.0 Through 9.10.1 Remote DoS via Multiple Vectors, Medium
SecurityFocus: 71590
Misc.: 🔍
See also: 🔍
Entry
Created: 12/09/2014 09:12Updated: 02/27/2022 16:50
Changes: 12/09/2014 09:12 (76), 06/15/2017 11:23 (5), 02/27/2022 16:43 (3), 02/27/2022 16:50 (2)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.