GLSA-200807-08 : BIND: Cache poisoning

Medium Nessus Plugin ID 33494

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200807-08 (BIND: Cache poisoning)

Dan Kaminsky of IOActive has reported a weakness in the DNS protocol related to insufficient randomness of DNS transaction IDs and query source ports.

Impact :

An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites.

Workaround :

There is no known workaround at this time.

Solution

All BIND users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-dns/bind-9.4.2_p1'

Note: In order to utilize the query port randomization to mitigate the weakness, you need to make sure that your network setup allows the DNS server to use random source ports for queries and that you have not set a fixed query port via the 'query-source port' directive in the BIND configuration.

See Also

https://security.gentoo.org/glsa/200807-08

Plugin Details

Severity: Medium

ID: 33494

File Name: gentoo_GLSA-200807-08.nasl

Version: 1.24

Type: local

Published: 2008/07/15

Updated: 2018/07/11

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:bind, cpe:/o:gentoo:linux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/07/11

Reference Information

CVE: CVE-2008-1447

GLSA: 200807-08

IAVA: 2008-A-0045