openSUSE Security Update : bind (openSUSE-2017-783)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for bind fixes the following issues :

- An attacker with the ability to send and receive
messages to an authoritative DNS server was able to
circumvent TSIG authentication of AXFR requests. A
server that relied solely on TSIG keys for protection
could be manipulated into (1) providing an AXFR of a
zone to an unauthorized recipient and (2) accepting
bogus Notify packets. [bsc#1046554, CVE-2017-3142]

- An attacker who with the ability to send and receive
messages to an authoritative DNS server and who had
knowledge of a valid TSIG key name for the zone and
service being targeted was able to manipulate BIND into
accepting an unauthorized dynamic update. [bsc#1046555,
CVE-2017-3143]

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1046554
https://bugzilla.opensuse.org/show_bug.cgi?id=1046555

Solution :

Update the affected bind packages.

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 101280 ()

Bugtraq ID:

CVE ID: CVE-2017-3142
CVE-2017-3143

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now