Detections
Analytics
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-207-01)
medium Nessus Plugin ID 54868
Language:
Synopsis
The remote Slackware host is missing a security update.Description
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix security issues. The first issue which allows remote attackers to make recursive queries only affects Slackware 12.0. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 The second issue is the discovery that BIND9's query IDs are cryptographically weak. This issue affects the versions of BIND9 in all supported Slackware versions. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Solution
Update the affected bind package.See Also
Plugin Details
Severity: Medium
ID: 54868
File Name: Slackware_SSA_2007-207-01.nasl
Version: 1.13
Type: local
Family: Slackware Local Security Checks
Published: 5/28/2011
Updated: 1/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: cpe:/o:slackware:slackware_linux:10.1, p-cpe:/a:slackware:slackware_linux:bind, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:11.0, cpe:/o:slackware:slackware_linux:9.0, cpe:/o:slackware:slackware_linux:9.1, cpe:/o:slackware:slackware_linux:10.2, cpe:/o:slackware:slackware_linux:12.0, cpe:/o:slackware:slackware_linux:10.0
Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/26/2007
Vulnerability Publication Date: 7/24/2007
Reference Information
CVE: CVE-2007-2925, CVE-2007-2926
BID: 25037
SSA: 2007-207-01