Mandrake Linux Security Advisory : bind (MDKSA-2007:030)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up
to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum
only) allows remote attackers to cause a denial of service (named
daemon crash) via unspecified vectors that cause named to 'dereference
a freed fetch context.' (CVE-2007-0493)

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1
up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind
Forum only) allows remote attackers to cause a denial of service
(exit) via a type * (ANY) DNS query response that contains multiple
RRsets, which triggers an assertion error. (CVE-2007-0494)

The updated packages have been patched to correct these issues.

Solution :

Update the affected bind, bind-devel and / or bind-utils packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 24643 (mandrake_MDKSA-2007-030.nasl)

Bugtraq ID: 22229, 22231

CVE ID: CVE-2007-0493, CVE-2007-0494
