Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2006-310-01)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and 11.0 to fix security issues. The minimum OpenSSL
version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid
exposure to known security flaws in older versions (these patches were
already issued for Slackware). If you have not upgraded yet, get those
as well to prevent a potentially exploitable security problem in
named. In addition, the default RSA exponent was changed from 3 to
65537. Both of these issues are essentially the same as ones
discovered in OpenSSL at the end of September 2006, only now there's
protection against compiling using the wrong OpenSSL version. RSA keys
using exponent 3 (which was previously BIND's default) will need to be
regenerated to protect against the forging of RRSIGs.
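
To find keys that still use exponent 3, the following added example (not part of the Slackware advisory or the Nessus plugin) parses DNSKEY records using the RSA key layout from RFC 3110 and reports those whose public exponent is 3. It assumes one record per line; the function names are the example's own, and the owner names and key data in the sample are constructed.

```python
import base64

# DNSSEC algorithm numbers whose DNSKEY key data uses the RFC 3110 RSA layout.
RSA_ALGORITHMS = {1, 5, 7, 8, 10}

def rsa_exponent(key_b64):
    """Return the public exponent encoded in an RFC 3110 RSA key blob."""
    raw = base64.b64decode(key_b64)
    # Exponent length: one octet, or 0x00 followed by a two-octet length.
    if raw[:1] == b"\x00":
        exp_len, start = int.from_bytes(raw[1:3], "big"), 3
    else:
        exp_len, start = (raw[0] if raw else 0), 1
    end = start + exp_len
    if exp_len == 0 or end >= len(raw):  # need exponent plus a modulus
        raise ValueError("malformed RSA key data")
    return int.from_bytes(raw[start:end], "big")

def find_exponent3_keys(zone_text):
    """Return (owner, flags, algorithm) for every RSA DNSKEY with e = 3."""
    hits = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        if i == 0 or len(fields) < i + 5:
            continue
        flags, _protocol, algorithm = (int(f) for f in fields[i + 1:i + 4])
        if algorithm in RSA_ALGORITHMS and \
                rsa_exponent("".join(fields[i + 4:])) == 3:
            hits.append((fields[0], flags, algorithm))
    return hits

def constructed_key(exponent):
    """Build sample key data with a filler modulus (not a real key)."""
    blob = bytes([len(exponent)]) + exponent + b"\xc1" * 128
    return base64.b64encode(blob).decode()

# Constructed sample records, one per line.
SAMPLE_ZONE = "\n".join([
    "weak.example.test. 3600 IN DNSKEY 256 3 5 " + constructed_key(b"\x03"),
    "ok.example.test. 3600 IN DNSKEY 257 3 5 " + constructed_key(b"\x01\x00\x01"),
])

if __name__ == "__main__":
    for owner, flags, algorithm in find_exponent3_keys(SAMPLE_ZONE):
        print(f"{owner} flags={flags} alg={algorithm}: exponent 3, regenerate")
```

Any key reported here should be regenerated after the bind update, since the new default exponent only applies to keys created from then on.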

See also :

http://www.nessus.org/u?51d8af47

Solution :

Update the affected bind package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Slackware Local Security Checks

Nessus Plugin ID: 54867

Bugtraq ID: 19849

CVE ID: CVE-2006-4339