Mandrake Linux Security Advisory : bind (MDKSA-2007:149)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.

Synopsis :

The remote Mandrake Linux host is missing one or more security

Description :

The DNS query id generation code in BIND9 is vulnerable to
cryptographic analysis which provides a 1-in-8 change of guessing the
next query ID for 50% of the query IDs, which could be used by a
remote attacker to perform cache poisoning by an attacker

As well, in BIND9 9.4.x, the default ACLs were note being correctly
set, which could allow anyone to make recursive queries and/or query
the cache contents (CVE-2007-2925).

This update provides packages which are patched to prevent these

See also :

Solution :

Update the affected bind, bind-devel and / or bind-utils packages.

Risk factor :

Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 25795 (mandrake_MDKSA-2007-149.nasl)

Bugtraq ID: 25037

CVE ID: CVE-2007-2925

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now