FreeBSD : FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8) (fc5231b6-c066-11e1-b5e0-000c299b62e1)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Problem description :

The named(8) server does not properly handle DNS resource records
where the RDATA field is zero length, which may cause various issues
for the servers handling them.

Resolving servers may crash or disclose some portion of memory to the
client. Authoritative servers may crash on restart after transferring
a zone containing records with zero-length RDATA fields. These would
result in a denial of service, or leak of sensitive information.

See also :

http://www.nessus.org/u?aaa6bb84

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 59749 ()

Bugtraq ID: 53772

CVE ID: CVE-2012-1667

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now