This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote Slackware host is missing a security update.
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and 11.0 to fix security issues. The minimum OpenSSL
version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid
exposure to known security flaws in older versions (these patches were
already issued for Slackware). If you have not upgraded yet, get those
as well to prevent a potentially exploitable security problem in
named. In addition, the default RSA exponent was changed from 3 to
65537. Both of these issues are essentially the same as ones
discovered in OpenSSL at the end of September 2006, only now there's
protection against compiling using the wrong OpenSSL version. RSA keys
using exponent 3 (which was previously BIND's default) will need to be
regenerated to protect against the forging of RRSIGs.
See also :
Update the affected bind package.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false
Family: Slackware Local Security Checks
Nessus Plugin ID: 54867 ()
Bugtraq ID: 19849
CVE ID: CVE-2006-4339
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.