Mandriva Linux Security Advisory : bind (MDVSA-2014:002)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability has been discovered and corrected in ISC BIND :

The query_findclosestnsec3 function in query.c in named in ISC BIND
9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV
before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of
service (INSIST assertion failure and daemon exit) via a crafted DNS
query to an authoritative nameserver that uses the NSEC3 signing
feature (CVE-2014-0591).

The updated packages for Enterprise Server 5 have been patched to
correct this issue.

The updated packages for Business Server 1 have been upgraded to the
9.9.4-P2 version which is unaffected by this issue.
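
The affected upstream ranges quoted above can be turned into a quick triage check. This is an added example, not part of the advisory or the Nessus plugin; the function name `affected` and the reading that the 9.6 (non-ESV) and 9.7 branches have no fixed release are assumptions.

```python
import re

# Fixed upstream releases named in the advisory text: (major, minor, patch, P-level).
FIXED = {(9, 8): (9, 8, 6, 2), (9, 9): (9, 9, 4, 2)}
FIXED_ESV = (10, 2)  # 9.6-ESV-R10-P2 as (R-number, P-level)

_REL = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")
_ESV = re.compile(r"^9\.6-ESV(?:-R(\d+))?(?:-P(\d+))?$")


def affected(version):
    """True/False for an upstream BIND version string, None if it cannot be parsed."""
    v = version.strip()
    if v.upper().startswith("BIND "):   # tolerate a leading "BIND " banner prefix
        v = v[5:].strip()
    m = _ESV.match(v)
    if m:
        rel = (int(m.group(1) or 0), int(m.group(2) or 0))
        return rel < FIXED_ESV
    m = _REL.match(v)
    if not m:
        return None  # betas, release candidates, vendor suffixes: review by hand
    major, minor, patch, plevel = (int(g or 0) for g in m.groups())
    if (major, minor) in ((9, 6), (9, 7)):
        return True  # assumption: branches listed without a fixed release
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return False  # branch not listed as affected by the advisory
    return (major, minor, patch, plevel) < fixed


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real host.
    for sample in ("9.9.4-P1", "9.9.4-P2", "9.8.6", "9.6-ESV-R10-P1", "9.9.5b1"):
        print(sample, affected(sample))
```

The result reflects the upstream version only: a backported package such as the patched Enterprise Server 5 build can be fixed while still reporting an older version, so confirm against the installed package release. A server is exposed only if it is authoritative and serves NSEC3-signed zones, as the description states.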

See also :

https://kb.isc.org/article/AA-01078
https://kb.isc.org/article/AA-01085

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 2.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 72018

Bugtraq ID: 64801

CVE ID: CVE-2014-0591
