FreeBSD : bind -- Multiple Denial of Service vulnerabilities (3cb6f059-c69d-11db-9f82-000e0c2e438a)

high Nessus Plugin ID 24730

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A type * (ANY) query response containing multiple RRsets can trigger an assertion failure.

Certain recursive queries can cause the nameserver to crash by using memory which has already been freed. Impact : A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.

A remote attacker sending recursive queries can cause the nameserver to crash, resulting in a Denial of Service. Workaround : There is no workaround available, but systems which are not authoritative servers for DNSSEC signed zones are not affected by the first issue; and systems which do not permit untrusted users to perform recursive DNS resolution are not affected by the second issue. Note that the default configuration for named(8) in FreeBSD allows local access only (which on many systems is equivalent to refusing access to untrusted users).

Solution

Update the affected package.

See Also

http://www.nessus.org/u?fde5c4d4

Plugin Details

Severity: High

ID: 24730

File Name: freebsd_pkg_3cb6f059c69d11db9f82000e0c2e438a.nasl

Version: 1.16

Type: local

Published: 2/28/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:named, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2/27/2007

Vulnerability Publication Date: 2/9/2007

Reference Information

CVE: CVE-2007-0493, CVE-2007-0494

BID: 22229, 22231

FreeBSD: SA-07:02.bind