Detections
Analytics

MiracleLinux 4 : bind-9.7.3-2.2.0.1.AXS4.P3 (AXSA:2011-406:01)

high Nessus Plugin ID 284320

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-406:01 advisory.

 BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
 Security issues fixed with this release:
 CVE-2011-1910 Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
 CVE-2011-2464 Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
 Fixed bugs:
 - bind on 64-bit PowerPC architecture now uses the same native atomic operations as the PowerPC architecture instead of emulated ones.
 - the bind package used to generate the /etc/rndc.key file, by using entropy from /dev/random; this could lead to the bind package installation to hang. Since the rndc.key is used by rndc for advanced administration commands, it is no longer generated automatically during the bind package installation. If needed, users can generate the key file with the rndc-confgen -a command.
 - named could sometimes enter a deadlock. This has been fixed.
 - If the connection failed during named_sdb startup, the named_sdb PostgreSQL database backend failed to reconnect to the database. It now writes error message the systemlog and retries to connect at every lookup.
 - removed conflicts between i686 and x86_64 versions of bind-devel, they can now both be installed on the same machine.
 - initscripts does not kill all processes with the name 'named' when stopping the named daemon anymore, only the selected ones.
 - added the return codes of the dig utility to the dig man page.
 - updated the named.8 manpage to reflect that the system-config-bind utility is not provided anymore.
 - the status action of the named initscript would not complete when bind-sdb package was installed. This has been fixed.
 - if the resolv.conf contained search keyword with no arguments, the host/nslookup/dig utilities failed to parse correctly. They now ignore those lines.
 - Removed the incomplete list of TSIG algorithms from the nsupdate man page. It can be found in the dnssec-keygen man page.
 Enhancements:
 - re-based to version 9.7.3.
 - the host utility now honors debug, attempts and timeout options in resolv.conf.
 - added the new option DISABLE_ZONE_CHECKING to /etc/sysconfig/named. This is to bypass zone validation via the named-checkzone utility in initscript and allows to start named with misconfigured zones.
 - with this update, size, MD5 and the modification time of /etc/sysconfig/named configuration file is no longer checked via the rpm -V bind command.
 - Root zone DNSKEY is now included in the bind package, in the /etc/named.root.key file.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/2119

Plugin Details

Severity: High

ID: 284320

File Name: miracle_linux_AXSA-2011-406.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2011-2464

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:bind-libs, p-cpe:/a:miracle:linux:bind-chroot, p-cpe:/a:miracle:linux:bind, p-cpe:/a:miracle:linux:bind-utils, cpe:/o:miracle:linux:4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/28/2011

Vulnerability Publication Date: 5/26/2011

Reference Information

CVE: CVE-2011-1910, CVE-2011-2464