Mandrake Linux Security Advisory : bind (MDKSA-2000:067)

Medium Nessus Plugin ID 61853


The remote Mandrake Linux host is missing one or more security updates.


A vulnerability exists with the bind nameserver dealing with compressed zone transfers. This vulnerability can be exploited by authorized zone transfers and used in a DoS attack. The named daemon will crash if it receives this type of zone transfer from an authorized source address. The crash is not necessarily immediate, but can range from a few seconds to a few minutes from the time of the attack.

This new version of bind also fixes a bug in the handling of the compression pointer tables which can result in the nameserver entering an infinite loop. This bug has been known to occur in the standard processing of SRV records used with Windows 2000 Active Directory.

All Linux-Mandrake users are encouraged to upgrade bind immediately.


Update the affected bind, bind-devel and / or bind-utils packages.

Plugin Details

Severity: Medium

ID: 61853

File Name: mandrake_MDKSA-2000-067.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:bind, p-cpe:/a:mandriva:linux:bind-devel, p-cpe:/a:mandriva:linux:bind-utils, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2000/11/10

Reference Information

CVE: CVE-2000-0887, CVE-2000-0888

MDKSA: 2000:067