MiracleLinux 3 : bind-9.3.4-10.P1.1AXS3 (AXSA:2009-94:02)

medium Nessus Plugin ID 284170

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-94:02 advisory.

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.

Fixed bugs:
- CVE-2007-6283: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
- CVE-2008-0122: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
- CVE-2008-1447: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka DNS Insufficient Socket Entropy Vulnerability or the Kaminsky bug.

Other bugs:
- Accepts krb5-self and krb5-subdomain update-policy matches
- Added configtest to usage report from named initscript
- Added GSS-TSIG support to named
- Added GSS-TSIG support to nsupdate
- bind-chroot update now honours user defined chroot directory
- bind-sdb scriptlet sets /etc/openldap/slapd.conf ownership correctly
- Checks DSA_do_verify return value correctly
- Does not call restorecon on chroot/proc
- Does not crash when some subdomains are used as a rndc reload argument
- Fixed building of SDB stuff
- Fixed ${chroot}/dev/random SELinux labelling
- Fixed named.log sync in bind-chroot-admin
- Fixed a race condition during DBUS initialization
- Fixed rndc stop return value handler
- Fixed wrong perms of named's ldap schema
- initscript LSB standardization
- Minor changes in initscript
- Removed query-source{,-v6} option from caching-nameserver.conf
- Now return a nonzero value from initscript when named fails to reload
- Revised the permissions of executables and scripts
- Set the open files limit to unlimited by default as described in documentation
- Suppressed errors from chroot's specfile scripts
- Updated L.ROOT-SERVERS.NET address in lib/dns/rootns.c file
- Updated named.root zone to affect root IPv6 migration

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/732

Plugin Details

Severity: Medium

ID: 284170

File Name: miracle_linux_AXSA-2009-94.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-0122

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2008-1447

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:bind-libs, p-cpe:/a:miracle:linux:bind-chroot, p-cpe:/a:miracle:linux:bind-devel, p-cpe:/a:miracle:linux:bind, p-cpe:/a:miracle:linux:bind-utils, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:caching-nameserver

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/4/2009

Vulnerability Publication Date: 12/17/2007

Reference Information

CVE: CVE-2007-6283, CVE-2008-0122, CVE-2008-1447

IAVA: 2008-A-0045