Red Hat Bugzilla – Bug 98587
redhat-7.3 bind-9.2.1-1.7x.2 vulnerable to buffer-overflow
Last modified: 2007-03-27 00:07:35 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
Description of problem:
I am using 7.3 and bind-9.2.1 which came with the system. I ran nessus and it
indicates that there are security issues with bind-9.2.1. Is it possible that
Redhat can issue an errata for that so that 7.3 can run bind-9.2.2? Thanks.
Output from nessus:
The remote BIND 9 server, according to its
version number, is vulnerable to a buffer
overflow which may allow an attacker to
gain a shell on this host or to disable
Solution : upgrade to bind 9.2.2 or downgrade to the 8.x series
See also : http://www.isc.org/products/BIND/bind9.html
Risk factor : High
- Colin Kong
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install nessus.
2. Use the default settings of nessus to scan a redhat-7.3 system running bind
3. Read ``domain (53/tcp)'' section in the report output by nessus.
This is most likely a false positive that is triggered because we backport
security fixes without moving to new upstream versions of packages like bind.
See https://www.redhat.com/advice/speaks_backport.html for some background about
If Nessus gives you an associated CVE name, such as CAN-2002-0651 (which is most
likely the issue it is telling you about) you can search the Red Hat web site to
find out which update contained a fix for the issue. (For CAN-2002-0651 it is
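A worked illustration of the point in the comment above, added here and not part of the bug report or of Red Hat's reply: a scanner that only reads the version banner will flag bind-9.2.1 as vulnerable no matter what, while the package changelog records whether the named CAN/CVE fix was backported. The changelog text below is constructed for the example (it is not real rpm output), and the function names are the example's own; on a real box the text would come from `rpm -q --changelog bind`.

```python
import re

# Constructed sample of what `rpm -q --changelog bind` might print on a
# Red Hat 7.3 host carrying a backported fix. Not real output; it is here
# so the example runs offline.
SAMPLE_CHANGELOG = """\
* Thu Nov 14 2002 Example Packager <packager@example.com> 9.2.1-1.7x.2
- backport fix for CAN-2002-0651
* Mon Jul 01 2002 Example Packager <packager@example.com> 9.2.1-1.7x.1
- rebuild
"""

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
_CVE_RE = re.compile(r"(?:CAN|CVE)-(\d{4}-\d+)", re.IGNORECASE)


def parse_version(banner):
    """Turn a BIND version banner such as '9.2.1' into a comparable tuple."""
    m = _VERSION_RE.match(banner.strip())
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return tuple(int(x) for x in m.groups())


def banner_says_vulnerable(banner, fixed_in="9.2.2"):
    """What a version-number-only scanner check does: anything older than
    the upstream fixed release is flagged, regardless of distro patches."""
    return parse_version(banner) < parse_version(fixed_in)


def changelog_mentions_fix(changelog, cve_name):
    """Look through an RPM changelog for the identifier of the fix.

    The same issue may be written as CAN-2002-0651 (candidate) in one place
    and CVE-2002-0651 in another, so only the year-number part is compared.
    """
    m = _CVE_RE.fullmatch(cve_name.strip())
    if not m:
        raise ValueError("not a CAN/CVE name: %r" % cve_name)
    wanted = m.group(1)
    return any(found.group(1) == wanted
               for found in _CVE_RE.finditer(changelog))


def assess(banner, changelog, cve_name, fixed_in="9.2.2"):
    """Combine the two views: a banner older than the upstream fix plus a
    changelog entry naming the CVE is the classic backport false positive."""
    if not banner_says_vulnerable(banner, fixed_in):
        return "not flagged"
    if changelog_mentions_fix(changelog, cve_name):
        return "likely false positive (backported fix)"
    return "unpatched"


if __name__ == "__main__":
    # Real use would be: changelog = subprocess.check_output(
    #     ["rpm", "-q", "--changelog", "bind"], text=True)
    print(assess("9.2.1", SAMPLE_CHANGELOG, "CAN-2002-0651"))
```

The check is only as good as the changelog: a packager who backports a fix without naming the CAN/CVE in the changelog entry will still show as "unpatched" here, so the errata page for the package remains the authoritative answer.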