Nmap Development mailing list archives
Re: Vulnerability IDs in dns-test-open-recursion.nse.
From: jah <jah () zadkiel plus com>
Date: Tue, 14 Oct 2008 18:31:20 +0100
On 14/10/2008 16:21, David Fifield wrote:
> Hi, I was going through the documentation for the NSE scripts. I saw this in dns-test-open-recursion.nse:
>
> id = "Nameserver open recursive queries (CVE-1999-0024) (BID 136, 678)"
>
> I looked up the vulnerability IDs and they all refer to specific BIND vulnerabilities, having to do more with predictable query IDs than recursion. (Though recursion may be a factor in the vulnerabilities, I don't know.)
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0024
> http://www.cert.org/advisories/CA-1997-22.html
> http://www.securityfocus.com/bid/136/discuss
> http://www.securityfocus.com/bid/678/discuss
>
> Should these references be removed from the script? The script isn't about BIND particularly or query IDs at all. If recursion plays a part in the vulnerabilities, let's move the references to their own paragraph later in the description along with an explanation.

There's a nessus plugin 10539 [1] where this seems to have originated. I'm not sure about the connection between publicly available recursion and the specific vulnerability mentioned in the CVE db, but I suppose that vulnerable servers would be at a greater risk of poisoning if they perform queries on behalf of every Tom, Dick and Harry.

I vote for complete removal of the references.

jah

[1] http://www.nessus.org/plugins/index.php?view=single&id=10539