Detections
Analytics

MiracleLinux 4 : bind-9.8.2-0.10.rc1.AXS4 (AXSA:2012-801:02)

high Nessus Plugin ID 284156

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-801:02 advisory.

 BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
 Security issues fixed with this release:
 CVE-2012-1033 The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a ghost domain names attack.
 CVE-2012-1667 ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive Fixed bugs:
 nslookup does not fail anymore when /etc/resolv.conf contains nameservers with disabled recursion.
 Improved the handling of errors arising on automatic update of DNSSEC trust anchors: the named daemon now exits gracefully.
 Disabled the atomic options on PowerPC to make the multi-threaded named daemon more reliable.
 Fixed a race condition happening on validation of DNSSEC-signed NXDOMAIN responses.
 When the named server was configured as a master server, it could sometimes fail to compress an incompressible zone with the following error message: transfer of './IN': sending zone data: ran out of space. This has been fixed.
 Named no longer crashes during a DNS zone transfer.
 If it does not exist, the rndc.key file is now generated by the named initscript during the service startup, instead of by the rndc-confgen -a command during installation.
 After running the rndc reload command, named failed to update DNSSEC trust anchors and logged the message:managed-keys-zone ./IN: Failed to create fetch for DNSKEY update. This has been fixed.
 Fixed the bind spec file error responsible for not bind-chroot not creating a /dev/null device and leaving some empty directories after uninstalling.
 Because the dynamic-db plug-ins were loaded too early, it could cause the configuration in the named.conf file to override the configuration supplied by the plug-in, and named could fail to start. This has been fixed.
 Previously, when stopping the named service, the /var/named directory was always unmounted, regardless of chroot configuration. Now it is unmounted only when the chroot configuration is enabled.
 It was previously impossible to determine whether an nslookup run was successful from the error code as it failed to return a non-zero exit code when it failed to get an answer. This has been fixed; the exit code is 1.
 Enhancements Added fixed ordering support for the rrset-order option: resource records can now be ordered in the order they are loaded from the zone file.
 Lowered the severity of the messages relating to external DNS queries from notice to debug to not flood the log with too much unnecessary information.
 In order to avoid conflicts with other services, the named daemon now uses portreserve to reserve the Remote Name Daemon.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3340

Plugin Details

Severity: High

ID: 284156

File Name: miracle_linux_AXSA-2012-801.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS Score Source: CVE-2012-1667

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:bind-libs, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:bind-utils, p-cpe:/a:miracle:linux:bind, p-cpe:/a:miracle:linux:bind-chroot

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/21/2012

Vulnerability Publication Date: 2/7/2012

Reference Information

CVE: CVE-2012-1033, CVE-2012-1667