FreeBSD : bind9 -- denial of service (30e4ed7b-1ca6-11da-bc01-000e0c2e438a)

Severity: Medium, Nessus Plugin ID 21410

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Problem description

A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.

Impact

On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests.

Workaround

DNSSEC is not enabled by default, and the 'dnssec-enable' directive is not normally present. If DNSSEC has been enabled, disable it by changing the 'dnssec-enable' directive to 'dnssec-enable no;' in the named.conf(5) configuration file.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?93b26d47

http://www.isc.org/downloads/bind/bind9.3.php#security

http://www.nessus.org/u?45431c73

Plugin Details

Severity: Medium

ID: 21410

File Name: freebsd_pkg_30e4ed7b1ca611dabc01000e0c2e438a.nasl

Version: 1.19

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bind9, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/3/2005

Vulnerability Publication Date: 1/25/2005

Reference Information

CVE: CVE-2005-0034

CERT: 938617