ISC BIND 9 9.7.2 < 9.7.2-P2 Multiple Vulnerabilities

medium Nessus Plugin ID 49777

Synopsis

The remote name server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the remote installation of BIND is affected by multiple vulnerabilities:

- A flaw exists that allows access to a cache via recursion even though the ACL disallows it. Note that this only occurs if BIND is operating as both an authoritative and recursive name server in the same view.

- If BIND, acting as a DNSSEC validating server, has two or more trust anchors configured in named.conf for the same zone and the response for a record in that zone from the authoritative server includes a bad signature, the validating server will crash while trying to validate that query.

Solution

Upgrade to BIND 9.7.2-P2 or later.

See Also

http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

Plugin Details

Severity: Medium

ID: 49777

File Name: bind9_972_p2.nasl

Version: 1.13

Type: remote

Family: DNS

Published: 10/6/2010

Updated: 6/27/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:isc:bind

Required KB Items: bind/version, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 9/28/2010

Vulnerability Publication Date: 9/28/2010

Reference Information

CVE: CVE-2010-0218, CVE-2010-3762

BID: 43573, 45385

Secunia: 41654