ISC BIND < 9.5.0a6 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 4147


The remote host is vulnerable to multiple attack vectors.


The remote host is running a version of BIND DNS Server prior to 9.4.1-P1. This version of BIND is vulnerable to a number of flaws that would allow cache poisoning and Denial of Service (DoS) attacks. An attacker exploiting these flaws would need to be able to manipulate the vulnerable DNS server to contact a malicious DNS server. Successful exploitation would lead to cache-poisoning attacks or a loss of availability.


Upgrade to version 9.5.0a6 or higher.

See Also

Plugin Details

Severity: Medium

ID: 4147

Family: DNS Servers

Published: 7/30/2007

Updated: 3/6/2019

Risk Information


Risk Factor: Medium

Score: 4.2


Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P


Risk Factor: Medium

Base Score: 5.4

Temporal Score: 5

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:isc:bind:9

Reference Information

CVE: CVE-2007-2925, CVE-2007-2926

BID: 25037, 25076