ISC BIND < 9.5.0a6 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 4147

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running a version of BIND DNS Server prior to 9.4.1-P1. This version of BIND is vulnerable to a number of flaws that would allow cache poisoning and Denial of Service (DoS) attacks. An attacker exploiting these flaws would need to be able to manipulate the vulnerable DNS server to contact a malicious DNS server. Successful exploitation would lead to cache-poisoning attacks or a loss of availability.

Solution

Upgrade to version 9.5.0a6 or higher.

See Also

http://www.isc.org/index.pl?/sw/bind/view/?release=9.4.1-P1

Plugin Details

Severity: Medium

ID: 4147

Family: DNS Servers

Published: 7/30/2007

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:isc:bind:9

Reference Information

CVE: CVE-2007-2925, CVE-2007-2926

BID: 25037, 25076