Detections
Analytics
Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20151216)
medium Nessus Plugin ID 87460
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. (CVE-2015-8000)Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.
After installing the update, the BIND daemon (named) will be restarted automatically.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Medium
ID: 87460
File Name: sl_20151216_bind_on_SL5_x.nasl
Version: 2.9
Type: local
Agent: unix
Published: 12/17/2015
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:bind, p-cpe:/a:fermilab:scientific_linux:bind-chroot, p-cpe:/a:fermilab:scientific_linux:bind-debuginfo, p-cpe:/a:fermilab:scientific_linux:bind-devel, p-cpe:/a:fermilab:scientific_linux:bind-libbind-devel, p-cpe:/a:fermilab:scientific_linux:bind-libs, p-cpe:/a:fermilab:scientific_linux:bind-sdb, p-cpe:/a:fermilab:scientific_linux:bind-utils, p-cpe:/a:fermilab:scientific_linux:caching-nameserver, x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 12/16/2015
Vulnerability Publication Date: 12/16/2015
Reference Information
CVE: CVE-2015-8000