ISC BIND 9 9.7.2 < 9.7.2-P2 Multiple Vulnerabilities

Medium Nessus Plugin ID 49777

Synopsis

The remote name server is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the remote installation of BIND is affected by multiple vulnerabilities:

- A flaw allows access to the cache via recursion even though the ACL disallows it. Note that this occurs only if BIND is operating as both an authoritative and a recursive name server in the same view.

- If BIND, acting as a DNSSEC validating server, has two or more trust anchors configured in named.conf for the same zone and the response for a record in that zone from the authoritative server includes a bad signature, the validating server will crash while trying to validate that query.

Solution

Upgrade to BIND 9.7.2-P2 or later.

See Also

http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

Plugin Details

Severity: Medium

ID: 49777

File Name: bind9_972_p2.nasl

Version: 1.13

Type: remote

Family: DNS

Published: 2010/10/06

Updated: 2018/06/27

Dependencies: 10028

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:isc:bind

Required KB Items: bind/version, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/09/28

Vulnerability Publication Date: 2010/09/28

Reference Information

CVE: CVE-2010-0218, CVE-2010-3762

BID: 43573, 45385

Secunia: 41654