The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5504 advisory.

    Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2023-3341 A stack     exhaustion flaw was discovered in the control channel code which may result in denial of service (named     daemon crash). CVE-2023-4236 Robert Story discovered that a flaw in the networking code handling DNS-over-     TLS queries could cause named to terminate unexpectedly due to an assertion failure, resulting in denial     of service when under high DNS-over-TLS query load conditions. For the oldstable distribution (bullseye),     these problems have been fixed in version 1:9.16.44-1~deb11u1. The oldstable distribution (bullseye) is     only affected by CVE-2023-3341. For the stable distribution (bookworm), these problems have been fixed in     version 1:9.18.19-1~deb12u1. We recommend that you upgrade your bind9 packages. For the detailed security     status of bind9 please refer to its security tracker page at: https://security-     tracker.debian.org/tracker/bind9

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DSA-5504-1 : bind9 - security update

high Nessus Plugin ID 181817

Version 1.2

Version 1.1

Version 1.0

Version 1.2 Jan 24, 2025, 9:25 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501242125
Version 1.1 Feb 16, 2024, 12:17 PM IAVM reference Plugin Feed: 202402161217
Version 1.0 Sep 23, 2023, 10:12 AM New Plugin Feed: 202309231012