Lucene search

CentOS Update for bind CESA-2011:1496 centos4 x86_64

The remote host is missing an update for the 'bind' package(s) announced via the referenced advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 150
RedHat Linux	(RHSA-2011:1459) Important: bind97 security update	17 Nov 201100:00	–	redhat
RedHat Linux	(RHSA-2011:1458) Important: bind security update	17 Nov 201100:00	–	redhat
RedHat Linux	(RHSA-2011:1496) Important: bind security update	29 Nov 201100:00	–	redhat
OpenVAS	Fedora Update for bind FEDORA-2011-16057	2 Apr 201200:00	–	openvas
OpenVAS	Mandriva Update for bind MDVSA-2011:176-2 (bind)	21 Nov 201100:00	–	openvas
OpenVAS	RedHat Update for bind RHSA-2011:1458-01	18 Nov 201100:00	–	openvas
OpenVAS	CentOS Update for bind CESA-2011:1458 centos5 i386	21 Nov 201100:00	–	openvas
OpenVAS	FreeBSD Ports: bind96	13 Feb 201200:00	–	openvas
OpenVAS	CentOS Update for bind97 CESA-2011:1459 centos5 x86_64	30 Jul 201200:00	–	openvas
OpenVAS	CentOS Update for bind CESA-2011:1458 centos5 x86_64	30 Jul 201200:00	–	openvas

Source	Link
lists	www.lists.centos.org/pipermail/centos-announce/2011-November/018260.html

# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2011-November/018260.html");
  script_oid("1.3.6.1.4.1.25623.1.0.881311");
  script_version("2023-07-10T08:07:43+0000");
  script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
  script_tag(name:"creation_date", value:"2012-07-30 17:21:02 +0530 (Mon, 30 Jul 2012)");
  script_cve_id("CVE-2011-4313");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_xref(name:"CESA", value:"2011:1496");
  script_name("CentOS Update for bind CESA-2011:1496 centos4 x86_64");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'bind'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS4");
  script_tag(name:"affected", value:"bind on CentOS 4");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"insight", value:"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
  Name System (DNS) protocols. BIND includes a DNS server (named), a resolver
  library (routines for applications to use when interfacing with DNS), and
  tools for verifying that the DNS server is operating correctly.

  A flaw was discovered in the way BIND handled certain DNS queries, which
  caused it to cache an invalid record. A remote attacker could use this
  flaw to send repeated queries for this invalid record, causing the
  resolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)

  Users of bind are advised to upgrade to these updated packages, which
  resolve this issue. After installing the update, the BIND daemon (named)
  will be restarted automatically.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS4")
{

  if ((res = isrpmvuln(pkg:"bind", rpm:"bind~9.2.4~38.el4", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-chroot", rpm:"bind-chroot~9.2.4~38.el4", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.2.4~38.el4", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-libs", rpm:"bind-libs~9.2.4~38.el4", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.2.4~38.el4", rls:"CentOS4")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Jul 2012 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS25

EPSS0.1033