nessus scan reveals vulnerability on port domain (53/tcp)
Rick Updegrove
dislists at updegrove.net
Sat Jan 27 07:00:08 UTC 2001
Hello, below is a nessus generated scan which suggests that I "Restrict
recursive queries to the hosts that should use this nameserver (such as
those of the LAN connected to it). If you are using bind 8, you can do this
by using the instruction 'allow-recursion' in the 'options' section of your
named.conf".
I tried at least 3 ways of adding that - all of which errored on restart.
Does anyone have a working example? Thanks. <By the way I upgraded the
version already to the recommended upgrade version>
Vulnerability found on port domain (53/tcp)
The remote BIND server, according to its
version number, is vulnerable to the ZXFR
bug that allows an attacker to disable it
remotely.
Solution : upgrade to bind 8.2.2-P7
Risk factor : High
Warning found on port domain (53/tcp)
The remote name server allows recursive queries to be performed
by the host running nessusd.
If this is your internal nameserver, then forget this warning.
<This was a remote scan to my nameserver>
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using another name server, consult its documentation.
Risk factor : Serious
Information found on port domain (53/tcp)
The remote bind version is : 8.2.2-P5
< I did upgrade this >
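
The setting the scan report recommends, as an added example that is not part of the original post: a BIND 8 named.conf fragment that limits recursion to a named address list. The 192.168.1.0/24 prefix, the ACL name "trusted" and the /var/named directory are assumptions chosen for illustration.

```conf
// Constructed BIND 8 named.conf fragment (added example).
// Assumptions: 192.168.1.0/24 is the LAN this resolver serves and
// /var/named is the zone directory; substitute your own values.

// Named address list. Every element ends with ';', and so does the
// closing brace of every statement.
acl "trusted" {
        192.168.1.0/24;         // assumed LAN prefix
        localhost;              // built-in ACL: this host's own addresses
};

options {
        directory "/var/named"; // assumed path

        // Without this line recursion is offered to any client,
        // which is the condition the scan warning reports.
        allow-recursion { trusted; };
};
```

Clients outside the list still receive answers for zones this server is authoritative for; only recursive lookups on their behalf are refused.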