Scientific Linux Security Update : bind on SL6.x i386/x86_64

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A denial of service flaw was found in the way BIND
handled a query response containing CNAME or DNAME
resource records in an unusual order. A remote attacker
could use this flaw to make named exit unexpectedly with
an assertion failure via a specially crafted DNS
response. (CVE-2017-3137)

- A denial of service flaw was found in the way BIND
handled query requests when using DNS64 with
'break-dnssec yes' option. A remote attacker could use
this flaw to make named exit unexpectedly with an
assertion failure via a specially crafted DNS request.
(CVE-2017-3136)

See also :

http://www.nessus.org/u?69a76948

Solution :

Update the affected packages.

Risk factor :

High

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 99575 ()

Bugtraq ID:

CVE ID: CVE-2017-3136
CVE-2017-3137

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now