| Description: | Summary:
The remote host is missing an update for the 'bind' package(s) announced via the SSA:2007-207-01 advisory.
Vulnerability Insight:
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, and 12.0 to fix security issues.
The first issue which allows remote attackers to make recursive queries only
affects Slackware 12.0. More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database:
[link moved to references]
The second issue is the discovery that BIND9's query IDs are cryptographically
weak. This issue affects the versions of BIND9 in all supported Slackware
versions. More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
[link moved to references]
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.4.1_P1-i486-1_slack12.0.tgz:
Upgraded to bind-9.4.1_P1 to fix security issues.
The default access control lists allow remote attackers to make recursive
queries in BIND9 versions 9.4.0 through 9.4.1.
The query IDs in BIND9 prior to BIND 9.4.1-P1 are cryptographically weak.
For more information on these issues, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'bind' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0, Slackware 12.0.
Solution:
Please install the updated package(s).
CVSS Score:
5.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
