Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-207-01)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, 11.0, and 12.0 to fix security issues. The first issue
which allows remote attackers to make recursive queries only affects
Slackware 12.0. More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 The second
issue is the discovery that BIND9's query IDs are cryptographically
weak. This issue affects the versions of BIND9 in all supported
Slackware versions. More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

See also :

http://www.nessus.org/u?c5c1303b

Solution :

Update the affected bind package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

Family: Slackware Local Security Checks

Nessus Plugin ID: 54868 ()

Bugtraq ID:

CVE ID: CVE-2007-2925
CVE-2007-2926