Mandriva Linux Security Advisory : bind (MDVSA-2015:054)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated bind packages fix security vulnerability :

Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error on
the zone operator's part, or due to interference with network traffic
by an attacker. This issue affects configurations with the directives
'dnssec-lookaside auto\;' (as enabled in the Mageia default
configuration) or 'dnssec-validation auto\;' (CVE-2015-1349).

See also :

http://advisories.mageia.org/MGASA-2015-0082.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.4
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 81937 ()

Bugtraq ID: 72673

CVE ID: CVE-2015-1349

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now