Insecure Caching

2019-01-1508:51:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.01 Low

EPSS

Percentile

83.7%

JSON

bind is vulnerable to ghost domain names attack. This is due to a flaw in the way BIND handles the updates of cached name server (NS) resource records. A malicious owner of a DNS domain is able to abuse the vulnerability to keep the domain resolvable by the BIND server even after the delegation has been removed from the parent DNS zone.

CPENameOperatorVersion
bindeq9.7.0__5.P2.el6
bindeq9.7.0__5.P2.el6_0.1
bindeq9.3.3__7.el5
bindeq9.3.4__6.0.3.P1.el5_2
bindeq9.3.6__4.P1.el5_5.3
bindeq9.3.6__16.P1.el5_7.1
bindeq9.3.3__8.el5
bindeq9.3.6__16.P1.el5
bindeq9.7.3__2.el6_1.P1.1
bindeq9.7.3__2.el6_1.P3.3

Name	Operator	Version
bind	eq	9.7.0__5.P2.el6
bind	eq	9.7.0__5.P2.el6_0.1
bind	eq	9.3.3__7.el5
bind	eq	9.3.4__6.0.3.P1.el5_2
bind	eq	9.3.6__4.P1.el5_5.3
bind	eq	9.3.6__16.P1.el5_7.1
bind	eq	9.3.3__8.el5
bind	eq	9.3.6__16.P1.el5
bind	eq	9.7.3__2.el6_1.P1.1
bind	eq	9.7.3__2.el6_1.P3.3