Debian DSA-2208-1 : bind9 - denial of service

NASLDB: Debian DSA-2208-1 : bind9 - denial of service

General

ID: 53224
Name: Debian DSA-2208-1 : bind9 – denial of service

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS Temporal Vector: –

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

It was discovered that BIND, a DNS server, contains a race condition
when processing zones updates in an authoritative server, either
through dynamic DNS updates or incremental zone transfer (IXFR). Such
an update while processing a query could result in deadlock and denial
of service. (CVE-2011-0414 )

In addition, this security update addresses a defect related to the
processing of new DNSSEC DS records by the caching resolver, which may
lead to name resolution failures in the delegated zone. If DNSSEC
validation is enabled, this issue can make domains ending in .COM
unavailable when the DS record for .COM is added to the DNS root zone
on March 31st, 2011. An unpatched server which is affected by this
issue can be restarted, thus re-enabling resolution of .COM domains.
This workaround applies to the version in oldstable, too.

Configurations not using DNSSEC validations are not affected by this
second issue.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2011-0414
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2011/03/30
Plugin Release: 2011/03/31

Plugin

Version: 1.8
Filename: debian_DSA-2208.nasl
Filesize: 3912 bytes
MD5 Hash: b2c7d63b15de93a3d08ffa21116eea52

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG