ISC BIND Validator Self Checking Remote DoS
|
|
Article ID: 16261
Last updated: 27 Jan, 2009
|
|
|
|
Views: 434
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
ISC BIND Validator Self Checking Remote DoS |
|
| This script is Copyright (C) 2005-2009 Tenable Network Security, Inc. |
|
|
| Family | DNS |
| Plugin ID | 16261 |
| Bugtraq ID | 12365
12497
|
| CVE ID | CVE-2005-0034
|
|
| Description: |
Synopsis :
The remote name server is prone to a denial of service attack.
Description :
The remote bind server, according to its version number, has a flaw in
the way authvalidator() is implemented.
Provided DNSSEC has been enabled in the remote name server, an
attacker may be able to launch a denial of service attack against the
remote service.
See also :
http://www.kb.cert.org/vuls/id/938617
http://www.isc.org/index.pl?/sw/bind/bind-security.php
Solution :
Upgrade to bind 9.3.1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P) |
|
