FreeBSD : bind9 -- denial of service (30e4ed7b-1ca6-11da-bc01-000e0c2e438a)

Medium Nessus Plugin ID 21410


The remote FreeBSD host is missing a security-related update.


Problem description

A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.


On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests.


DNSSEC is not enabled by default, and the 'dnssec-enable' directive is not normally present. If DNSSEC has been enabled, disable it by changing the 'dnssec-enable' directive to 'dnssec-enable no;' in the named.conf(5) configuration file.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 21410

File Name: freebsd_pkg_30e4ed7b1ca611dabc01000e0c2e438a.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2006/05/13

Modified: 2013/08/09

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bind9, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2005/09/03

Vulnerability Publication Date: 2005/01/25

Reference Information

CVE: CVE-2005-0034

CERT: 938617