Gentoo Security Advisory GLSA 200807-08 (bind) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200807-08.

Solution

All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dns/bind-9.4.2_p1' Note: In order to utilize the query port randomization to mitigate the weakness, you need to make sure that your network setup allows the DNS server to use random source ports for query and that you have not set a fixed query port via the 'query-source port' directive in the BIND configuration. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200807-08 http://bugs.gentoo.org/show_bug.cgi?id=231201

Insight

A weakness in the DNS protocol has been reported, which could lead to cache poisoning on recursive resolvers.

Severity

Classification

CVE CVE-2008-1447

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200405-06 (libpng)
Gentoo Security Advisory GLSA 200405-18 (firebird)
Gentoo Security Advisory GLSA 200401-01 (Kernel)
Gentoo Security Advisory GLSA 200406-08 (Squirrelmail)
Gentoo Security Advisory GLSA 200403-08 (oftpd)

Take action and discover your vulnerabilities