This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200908-02
(BIND: Denial of Service)
Matthias Urlichs reported that the dns_db_findrdataset() function fails
when the prerequisite section of the dynamic update message contains a
record of type 'ANY' and where at least one RRset for this FQDN exists
on the server.
A remote unauthenticated attacker could send a specially crafted
dynamic update message to the BIND daemon (named), leading to a Denial
of Service (daemon crash). This vulnerability affects all primary
(master) servers -- it is not limited to those that are configured to
allow dynamic updates.
Configure a firewall that performs Deep Packet Inspection to prevent
nsupdate messages from reaching named. Alternatively, expose only
secondary (slave) servers to untrusted networks.
See also :
All BIND users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-dns/bind-9.4.3_p3'
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 40463 (gentoo_GLSA-200908-02.nasl)
Bugtraq ID: 35848
CVE ID: CVE-2009-0696
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.