Mandriva Linux Security Advisory : bind (MDVSA-2009:313-1)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Some vulnerabilities were discovered and corrected in bind :

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before
9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x
through 9.3.x with DNSSEC validation enabled and checking disabled
(CD), allows remote attackers to conduct DNS cache poisoning attacks
via additional sections in a response sent for resolution of a
recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO) (CVE-2009-4022).

Additionally BIND has been upgraded to the latest point release or
closest supported version by ISC.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

Solution :

Update the affected bind, bind-devel and / or bind-utils packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 2.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 42999 (mandriva_MDVSA-2009-313.nasl)

Bugtraq ID: 37118

CVE ID: CVE-2009-4022
