BIND9, ISS and AUTHORS.BIND

Paul Vixie vixie at sa.vix.com
Tue Feb 7 19:26:17 UTC 2006


> 	I have a 9.3.1 build of BIND running on a Red Hat Enterprise
> Linux ES4 system. I *must* use the ISS scanner (http://www.iss.net/) to
> discover and mitigate any vulnerabilities on the system before I can
> connect it to the network. When I ran a scan of my box, I found the
> below Medium vulnerability that I need to do something about.

the ISS people are smoking the wrong drugs, in that case.

> Vulnerability Details:
> M BindHostnameDisclosure: BIND hostname disclosure BIND (the Berkeley
> Internet Name Daemon) is the Domain Name Service for Unix systems. BIND
> versions 9.0 and later could allow a remote attacker to obtain sensitive
> information. By sending specially-crafted DNS query for the record
> AUTHORS.BIND a remote attacker may learn the BIND software version and
> the hostname of the DNS server. This information could be helpful in
> launching further attacks.
> Remedy:
> No remedy available as of January 2005.

the remedy is for them to remove this test from their suite.  fpdns will
tell anybody who wants to know, exactly what version of code you're running.
-- 
Paul Vixie
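
Added example, not part of the original message: a Python check that recognizes, in raw DNS wire format, the query the scanner report describes (a CHAOS-class TXT lookup for AUTHORS.BIND). It assumes VERSION.BIND and HOSTNAME.BIND, BIND's other built-in CHAOS names, should be matched too; all function names are hypothetical and the sample queries are constructed by build_query.

```python
import struct

# authors.bind is the name in the scanner report; version.bind and
# hostname.bind are BIND's other built-in CHAOS-class names (added assumption).
BIND_BUILTIN_NAMES = {"authors.bind", "version.bind", "hostname.bind"}
CLASS_IN, CLASS_CH, TYPE_A, TYPE_TXT, TYPE_ANY = 1, 3, 1, 16, 255

def build_query(name, qtype, qclass, txid=0x1234):
    """Construct a one-question DNS query (used here only as sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (qname, qtype, qclass) of the first question, or None."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:      # a response, or no question at all
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            return None                    # ran off the end: truncated name
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        # Labels are at most 63 bytes; anything larger (including a
        # compression pointer) is treated as malformed in a question.
        if length > 63 or pos + length > len(msg):
            return None
        labels.append(msg[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass

def is_bind_builtin_probe(msg):
    """True for a CH-class TXT/ANY query for one of BIND's built-in names."""
    q = parse_question(msg)
    if q is None:
        return False
    name, qtype, qclass = q
    return (qclass == CLASS_CH and qtype in (TYPE_TXT, TYPE_ANY)
            and name in BIND_BUILTIN_NAMES)

if __name__ == "__main__":
    for n, t, c in [("AUTHORS.BIND", TYPE_TXT, CLASS_CH),
                    ("www.example.com", TYPE_A, CLASS_IN)]:
        print(n, is_bind_builtin_probe(build_query(n, t, c)))
```
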



More information about the bind-users mailing list