Mandriva Linux Security Advisory : bind (MDVSA-2013:202)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability has been discovered and corrected in bind :

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x
before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and
DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote
attackers to cause a denial of service (daemon crash) via a query with
a malformed RDATA section that is not properly handled during
construction of a log message, as exploited in the wild in July 2013
(CVE-2013-4854).

The updated packages for Enterprise Server 5 have been patched to
correct this issue.

The updated packages for Business Server 1 have been upgraded to the
9.9.3-P2 version which is not vulnerable to this issue.

See also :

https://kb.isc.org/article/AA-01015

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 69097 ()

Bugtraq ID:

CVE ID: CVE-2013-4854

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now