This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated bind packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
a resolver library (routines for applications to use when
interfacing with DNS)
and tools for verifying that the DNS server is
Michael Sinatra discovered that BIND was incorrectly caching responses
without performing proper DNSSEC validation, when those responses were
received during the resolution of a recursive client query that
requested DNSSEC records but indicated that checking should be
disabled. A remote attacker could use this flaw to bypass the DNSSEC
validation check and perform a cache poisoning attack if the target
BIND server was receiving such client queries. (CVE-2009-4022)
All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.3
Public Exploit Available : false