Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11320
Category:General
Title:The remote BIND has dynamic updates enabled
Summary:NOSUMMARY
Description:Description:

The remote nameserver has dynamic updates enabled.

The dynamic updates let the bind administrator update the name
service information dynamically.

However, it is possible to trick bind to change the resource
record for the zone is it serves. An attacker may use this
flaw to hijack the traffic going the your servers and redirect
it to somewhere else.


Solution : If you use bind, add the option
allow-update {none
}


in your named.conf to disable this feature entirely.

Risk factor : Low

CopyrightThis script is Copyright (C) 2003 Renaud Deraison

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.