This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
The DNS protocol protects against spoofing attacks by requiring an
attacker to predict both the DNS transaction ID and UDP source port of
a request. In recent years, a number of papers have found problems
with DNS implementations which make it easier for an attacker to
perform DNS cache-poisoning attacks.
Previous versions of BIND did not use randomized UDP source ports. If
an attacker was able to predict the random DNS transaction ID, this
could make DNS cache-poisoning attacks easier. In order to provide
more resilience, BIND has been updated to use a range of random UDP
source ports. (CVE-2008-1447)
Note: This errata also updates SELinux policy to allow BIND to use
random UDP source ports.
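
An added example, not part of the plugin or the BIND errata: one way to check, from a packet capture of a resolver's outbound queries, whether it uses randomized UDP source ports as the updated BIND does. The tcpdump-style sample lines, the addresses, and the thresholds are constructed assumptions.

```python
import re
import statistics

# Source port of an outbound query in `tcpdump -n` text output, e.g.
# "IP 10.0.0.5.32768 > 192.0.2.1.53: 4660+ A? example.com. (29)"
QUERY_RE = re.compile(r"IP \d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

# Illustrative thresholds (assumptions, not values from the advisory).
MIN_SPREAD = 10000          # minimum gap between lowest and highest port
MIN_DISTINCT_RATIO = 0.9    # minimum share of queries with a unique port

def source_ports(lines):
    """Extract the UDP source port of every outbound DNS query line."""
    return [int(m.group(1)) for m in map(QUERY_RE.search, lines) if m]

def assess(ports):
    """Classify a resolver's observed source ports, in capture order."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    distinct = len(set(ports))
    spread = max(ports) - min(ports)
    # Step between consecutive queries, modulo the 16-bit port space.
    steps = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    if distinct == 1:
        verdict = "fixed"        # only the transaction ID is left to guess
    elif len(steps) == 1:
        verdict = "sequential"   # next port is predictable from the last
    elif spread < MIN_SPREAD or distinct < MIN_DISTINCT_RATIO * len(ports):
        verdict = "narrow"       # ports vary, but within a small pool
    else:
        verdict = "randomized"
    return {"verdict": verdict, "distinct": distinct, "spread": spread,
            "stdev": round(statistics.pstdev(ports), 1)}

def _capture(ports):
    """Build constructed tcpdump-style lines for the given source ports."""
    return [f"12:00:0{i}.000000 IP 10.0.0.5.{p} > 192.0.2.1.53: {4660 + i}+ A? example.com. (29)"
            for i, p in enumerate(ports)]

# Constructed sample captures (not real traffic).
FIXED = _capture([32768] * 6)
RANDOM = _capture([51234, 1893, 40211, 27654, 60102, 14987])

if __name__ == "__main__":
    for name, cap in (("fixed", FIXED), ("random", RANDOM)):
        print(name, assess(source_ports(cap)))
```
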
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 6.4
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60437
CVE ID: CVE-2008-1447