Detections
Analytics
SuSE 11.3 Security Update : bind (SAT Patch Number 10100)
high Nessus Plugin ID 80389
Language:
Synopsis
The remote SuSE 11 host is missing one or more security updates.Description
bind has been updated to version 9.9.6P1, fixing the following security issue :- A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow (default 7), and the number of iterative queries that it will send (default 50) before terminating a recursive query. (CVE-2014-8500, bnc#908994)
- The recursion depth limit is configured via the 'max-recursion-depth' option, and the query limit via the 'max-recursion-queries' option. Additionally, two non-security issues have been fixed :
- Fix a multi-thread issue with IXFR. (bnc#882511)
- Fix handling of TXT records in ldapdump. (bnc#743758)
Solution
Apply SAT patch number 10100.See Also
https://bugzilla.novell.com/show_bug.cgi?id=743758
https://bugzilla.novell.com/show_bug.cgi?id=882511
Plugin Details
Severity: High
ID: 80389
File Name: suse_11_bind-141217.nasl
Version: 1.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 1/6/2015
Updated: 1/19/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:bind, p-cpe:/a:novell:suse_linux:11:bind-chrootenv, p-cpe:/a:novell:suse_linux:11:bind-doc, p-cpe:/a:novell:suse_linux:11:bind-libs, p-cpe:/a:novell:suse_linux:11:bind-libs-32bit, p-cpe:/a:novell:suse_linux:11:bind-utils, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 12/17/2014
Reference Information
CVE: CVE-2014-8500