Mandriva Linux Security Advisory : bind (MDVSA-2015:165)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated bind packages fix security vulnerabilities :

By making use of maliciously-constructed zones or a rogue server, an
attacker can exploit an oversight in the code BIND 9 uses to follow
delegations in the Domain Name Service, causing BIND to issue
unlimited queries in an attempt to follow the delegation. This can
lead to resource exhaustion and denial of service (up to and including
termination of the named server process) (CVE-2014-8500).

Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error on
the zone operator's part, or due to interference with network traffic
by an attacker. This issue affects configurations with the directives
'dnssec-lookaside auto;' (as enabled in the Mandriva default
configuration) or 'dnssec-validation auto;' (CVE-2015-1349).
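
To check whether a host's configuration sets either directive named above, the following added example (not part of the advisory or of the Nessus plugin) scans a BIND configuration file for them while ignoring commented-out text. The sample configuration and the function names are constructed for illustration; the script does not follow include statements or account for compiled-in defaults.

```shell
# Added example: find "dnssec-lookaside auto;" / "dnssec-validation auto;"
# in a BIND configuration file, ignoring commented-out text.
# strip_comments FILE: drop /* ... */ (may span lines), // and # comments.
# Simplification: comment markers inside quoted strings are not special-cased.
strip_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_c) {                       # inside a /* ... */ comment
                i = index(line, "*/")
                if (i == 0) break
                line = substr(line, i + 2); in_c = 0
                continue
            }
            c = index(line, "/*"); s = index(line, "//"); h = index(line, "#")
            m = 0                             # earliest comment opener, 0 = none
            if (c && (!m || c < m)) m = c
            if (s && (!m || s < m)) m = s
            if (h && (!m || h < m)) m = h
            if (m == 0) { out = out line; break }
            out = out substr(line, 1, m - 1) " "
            if (m != c) break                 # // or #: rest of line is comment
            line = substr(line, m + 2); in_c = 1
        }
        print out
    }' "$1"
}

# affected_directives FILE: print each matching directive, one per line.
affected_directives() {
    strip_comments "$1" | tr '{}\n' '   ' | tr ';' '\n' |
        awk 'NF >= 2 && $NF == "auto" &&
             ($(NF-1) == "dnssec-lookaside" || $(NF-1) == "dnssec-validation") {
                 print $(NF-1) " auto;" }'
}

# sample_conf: constructed named.conf fragment for the demonstration.
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/named";   // zone files
    /* dnssec-validation auto;
       disabled during migration */
    dnssec-validation yes;    # explicit, not auto
    dnssec-lookaside auto;
};
EOF
}
tmp=$(mktemp); sample_conf > "$tmp"; affected_directives "$tmp"; rm -f "$tmp"
```

An empty result only means neither directive is set to auto in that one file; updating the packages remains the fix the advisory gives.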

See also :

http://advisories.mageia.org/MGASA-2014-0524.html
http://advisories.mageia.org/MGASA-2015-0082.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82418

Bugtraq ID:

CVE ID: CVE-2014-8500
CVE-2015-1349
