Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CentOS Update for bind CESA-2008:0533 centos4 i386
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check for the Version of bind
Insight
Insight
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports. Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality. Red Hat would like to thank Dan Kaminsky for reporting this issue.
Affected Software
Affected Software
bind on CentOS 4
Solution
Solution
Please Install the Updated Packages.