Mandriva Linux Security Advisory : bind (MDVSA-2009:313-1)

Low Nessus Plugin ID 42999


The remote Mandriva Linux host is missing one or more security updates.


Some vulnerabilities were discovered and corrected in bind :

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). (CVE-2009-4022).

Additionally BIND has been upgraded to the latest point release or closest supported version by ISC.

Update :

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers


Update the affected bind, bind-devel and / or bind-utils packages.

Plugin Details

Severity: Low

ID: 42999

File Name: mandriva_MDVSA-2009-313.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2009/12/04

Modified: 2014/01/27

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:bind, p-cpe:/a:mandriva:linux:bind-devel, p-cpe:/a:mandriva:linux:bind-utils, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/12/03

Reference Information

CVE: CVE-2009-4022

BID: 37118

MDVSA: 2009:313-1