Vulnerability IDs in dns-test-open-recursion.nse.

[David Fifield <david () bamsoftware com>]

Hi,

I was going through the documentation for the NSE scripts. I saw this in
dns-test-open-recursion.nse:

id = "Nameserver open recursive queries (CVE-1999-0024) (BID 136, 678)"

I looked up the vulnerability IDs and they all refer to specific BIND
vulnerabilities, having to do more with predictable query IDs than
recursion. (Though recursion may be a factor in the vulnerabilities, I
don't know.)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0024
http://www.cert.org/advisories/CA-1997-22.html
http://www.securityfocus.com/bid/136/discuss
http://www.securityfocus.com/bid/678/discuss

Should these references be removed from the script? The script isn't
about BIND particularly or query IDs at all. If recursion plays a part
in the vulnerabilities, let's move the references to their own paragraph
later in the description along with an explanation.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org