FreeBSD : bind9 -- denial of service (30e4ed7b-1ca6-11da-bc01-000e0c2e438a)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Problem description

A DNSSEC-related validator function in BIND 9.3.0 contains an
inappropriate internal consistency test. When this test is triggered,
named(8) will exit.

Impact

On systems with DNSSEC enabled, a remote attacker may be able to
inject a specially crafted packet that will cause the internal
consistency test to trigger, and named(8) to terminate. As a result,
the name server will no longer be available to service requests.

Workaround

DNSSEC is not enabled by default, and the 'dnssec-enable' directive is
not normally present. If DNSSEC has been enabled, disable it by
changing the 'dnssec-enable' directive to 'dnssec-enable no;' in the
named.conf(5) configuration file.

See also :

http://www.nessus.org/u?93b26d47
http://www.isc.org/sw/bind/bind9.3.php#security
http://www.nessus.org/u?6a85238e

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21410 (freebsd_pkg_30e4ed7b1ca611dabc01000e0c2e438a.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0034

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now