SUSE-SA:2002:044: bind8

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2002:044 (bind8).


The security research company ISS (Internet Security Services)
has discovered several vulnerabilities in the BIND8 name server,
including a remotely exploitable buffer overflow.


1. There is a buffer overflow in the way named handles
SIG records. This buffer overflow can be exploited to
obtain access to the victim host under the account
the named process is running with.

2. There are several Denial Of Service problems in BIND8
that allow remote attackers to terminate the name server
process.

Both vulnerabilities are addressed by this update, using patches
originating from ISC.

Solution :

http://www.suse.de/security/2002_004_bind8.html

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 13765 ()

Bugtraq ID:

CVE ID: CVE-2002-1219
CVE-2002-1221

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now