This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
CVE-2009-4022 bind: cache poisoning using not validated DNSSEC
Michael Sinatra discovered that BIND was incorrectly caching responses
without performing proper DNSSEC validation, when those responses were
received during the resolution of a recursive client query that
requested DNSSEC records but indicated that checking should be
disabled. A remote attacker could use this flaw to bypass the DNSSEC
validation check and perform a cache poisoning attack if the target
BIND server was receiving such client queries. (CVE-2009-4022)
After installing the update, the BIND daemon (named) will be restarted
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 2.6
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60697 ()
CVE ID: CVE-2009-4022
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.