Nmap Development mailing list archives
Vulnerability IDs in dns-test-open-recursion.nse.
From: David Fifield <david () bamsoftware com>
Date: Tue, 14 Oct 2008 09:21:08 -0600
Hi, I was going through the documentation for the NSE scripts. I saw this in dns-test-open-recursion.nse: id = "Nameserver open recursive queries (CVE-1999-0024) (BID 136, 678)" I looked up the vulnerability IDs and they all refer to specific BIND vulnerabilities, having to do more with predictable query IDs than recursion. (Though recursion may be a factor in the vulnerabilities, I don't know.) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0024 http://www.cert.org/advisories/CA-1997-22.html http://www.securityfocus.com/bid/136/discuss http://www.securityfocus.com/bid/678/discuss Should these references be removed from the script? The script isn't about BIND particularly or query IDs at all. If recursion plays a part in the vulnerabilities, let's move the references to their own paragraph later in the description along with an explanation. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Vulnerability IDs in dns-test-open-recursion.nse. David Fifield (Oct 14)