Lucene search
Debian Security Advisory DSA 1342-2 (bind9)
🗓️ 17 Jan 2008 00:00:00Reported by Copyright (c) 2007 E-Soft Inc. http://www.securityspace.comType 
openvas🔗 plugins.openvas.org👁 19 Views
Debian Security Advisory DSA 1342-2 (bind9) provides fixed packages for DNS query ID vulnerabilit
Show more
| Reporter | Title | Published | Views | Family All 135 |
|---|---|---|---|---|
 | Moderate: bind security update | 24 Jul 200700:00 | – | oraclelinux |
| bind security update | 3 Feb 202200:00 | – | oraclelinux |
 | Debian DSA-1341-2 : bind9 - design error | 13 Aug 200700:00 | – | nessus |
| RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2007:0740) | 27 Jul 200700:00 | – | nessus |
| SuSE 10 Security Update : bind,bind-devel,bind-utils (ZYPP Patch Number 3976) | 13 Dec 200700:00 | – | nessus |
| Ubuntu 6.06 LTS / 6.10 / 7.04 : bind9 vulnerability (USN-491-1) | 10 Nov 200700:00 | – | nessus |
| FreeBSD : FreeBSD -- Predictable query ids in named(8) (3de342fb-40be-11dc-aeac-02e0185f8d72) | 2 Aug 200700:00 | – | nessus |
| CentOS 3 / 4 / 5 : bind (CESA-2007:0740) | 27 Jul 200700:00 | – | nessus |
| openSUSE 10 Security Update : bind (bind-3964) | 17 Oct 200700:00 | – | nessus |
| Scientific Linux Security Update : bind on SL5.x, SL4.x, SL3.x i386/x86_64 | 1 Aug 201200:00 | – | nessus |
10
# OpenVAS Vulnerability Test
# $Id: deb_1342_2.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1342-2
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largerly excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "This update provides fixed packages for the oldstable distribution (sarge).
For reference the original advisory text:
Amit Klein discovered that the BIND name server generates predictable
DNS query IDs, which may lead to cache poisoning attacks.
For the oldstable distribution (sarge) this problem has been fixed in
version 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet
available, they will be released soon.
For the stable distribution (etch) this problem has been fixed in
version 9.3.4-2etch1. An update for mips is not yet available, it will
be released soon.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your BIND packages.";
tag_summary = "The remote host is missing an update to bind9
announced via advisory DSA 1342-2.";
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201342-2";
if(description)
{
script_id(58513);
script_version("$Revision: 6616 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2007-2926");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_name("Debian Security Advisory DSA 1342-2 (bind9)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"bind9-doc", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"bind9", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"bind9-host", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"dnsutils", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libbind-dev", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libdns16", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libisc7", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libisccc0", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libisccfg0", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"liblwres1", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"lwresd", ver:"9.2.4-1sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"bind9-doc", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"bind9", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"bind9-host", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"dnsutils", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libbind-dev", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libbind9-0", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libdns22", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libisc11", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libisccc0", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"libisccfg1", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"liblwres9", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"lwresd", ver:"9.3.4-2etch1", rls:"DEB4.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo17 Jan 2008 00:00Current
0.3Low risk
Vulners AI Score0.3
EPSS0.15044