ISC BIND 9 9.7.2 < 9.7.2-P2 Multiple Vulnerabilities

medium Nessus Plugin ID 49777


The remote name server is affected by multiple vulnerabilities.


According to its self-reported version number, the remote installation of BIND is affected by multiple vulnerabilities :

- A flaw exists that allows access to a cache via recursion even though the ACL disallows it. Note that this only occurs if BIND is operating as both an authoritative and recursive name server in the same view.

- If BIND, acting as a DNSSEC validating server, has two or more trust anchors configured in named.conf for the same zone and the response for a record in that zone from the authoritative server includes a bad signature, the validating server will crash while trying to validate that query.


Upgrade to BIND 9.7.2-P2 or later.

See Also

Plugin Details

Severity: Medium

ID: 49777

File Name: bind9_972_p2.nasl

Version: 1.13

Type: remote

Family: DNS

Published: 10/6/2010

Updated: 6/27/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:isc:bind

Required KB Items: Settings/ParanoidReport, bind/version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/28/2010

Vulnerability Publication Date: 9/28/2010

Reference Information

CVE: CVE-2010-0218, CVE-2010-3762

BID: 43573, 45385

Secunia: 41654