Debian DSA-1604-1 : bind - DNS cache poisoning

medium Nessus Plugin ID 33451
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Debian host is missing a security-related update.

Description

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.

Solution

The BIND 8 legacy code base could not be updated to include the recommended countermeasure (source port randomization, see DSA-1603-1 for details). There are two ways to deal with this situation :

1. Upgrade to BIND 9 (or another implementation with source port randomization). The documentation included with BIND 9 contains a migration guide.

2. Configure the BIND 8 resolver to forward queries to a BIND 9 resolver. Provided that the network between both resolvers is trusted, this protects the BIND 8 resolver from cache poisoning attacks (to the same degree that the BIND 9 resolver is protected).

This problem does not apply to BIND 8 when used exclusively as an authoritative DNS server. It is theoretically possible to safely use BIND 8 in this way, but updating to BIND 9 is strongly recommended. BIND 8 (that is, the bind package) will be removed from the etch distribution in a future point release.

Plugin Details

Severity: Medium

ID: 33451

File Name: debian_DSA-1604.nasl

Version: Revision: 1.16

Type: local

Agent: unix

Published: 7/10/2008

Updated: 6/3/2013

Dependencies: ssh_get_info.nasl

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Reference Information

CVE: CVE-2008-1447

OSVDB: 47232, 47916, 47926, 47927, 48245

CERT: 800113

IAVA: 2008-A-0045

DSA: 1603, 1604