This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
The DNS query id generation code in BIND9 is vulnerable to
cryptographic analysis which provides a 1-in-8 change of guessing the
next query ID for 50% of the query IDs, which could be used by a
remote attacker to perform cache poisoning by an attacker
As well, in BIND9 9.4.x, the default ACLs were note being correctly
set, which could allow anyone to make recursive queries and/or query
the cache contents (CVE-2007-2925).
This update provides packages which are patched to prevent these
See also :
Update the affected bind, bind-devel and / or bind-utils packages.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : true