Detections
Analytics
RHEL 7 : bind (RHSA-2015:0672)
medium Nessus Plugin ID 81750
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions. (CVE-2015-1349)
Red Hat would like to thank ISC for reporting this issue.
All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 81750
File Name: redhat-RHSA-2015-0672.nasl
Version: 1.19
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 3/11/2015
Updated: 2/5/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:bind-sdb, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:bind-libs-lite, p-cpe:/a:redhat:enterprise_linux:bind-utils, cpe:/o:redhat:enterprise_linux:7.2, p-cpe:/a:redhat:enterprise_linux:bind, cpe:/o:redhat:enterprise_linux:6.6, cpe:/o:redhat:enterprise_linux:7.7, p-cpe:/a:redhat:enterprise_linux:bind-lite-devel, p-cpe:/a:redhat:enterprise_linux:bind-chroot, p-cpe:/a:redhat:enterprise_linux:bind-libs, p-cpe:/a:redhat:enterprise_linux:bind-license, p-cpe:/a:redhat:enterprise_linux:bind-devel, cpe:/o:redhat:enterprise_linux:7.1, cpe:/o:redhat:enterprise_linux:7.6, p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:7.3, cpe:/o:redhat:enterprise_linux:7.4, cpe:/o:redhat:enterprise_linux:7.5, p-cpe:/a:redhat:enterprise_linux:bind-debuginfo
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 7/10/2018
Vulnerability Publication Date: 2/19/2015
Reference Information
CVE: CVE-2015-1349
BID: 72673
RHSA: 2015:0672