Nmap Development mailing list archives

Re: Vulnerability IDs in dns-test-open-recursion.nse.


From: jah <jah () zadkiel plus com>
Date: Tue, 14 Oct 2008 18:31:20 +0100

On 14/10/2008 16:21, David Fifield wrote:
> Hi,
>
> I was going through the documentation for the NSE scripts. I saw this in
> dns-test-open-recursion.nse:
>
> id = "Nameserver open recursive queries (CVE-1999-0024) (BID 136, 678)"
>
> I looked up the vulnerability IDs and they all refer to specific BIND
> vulnerabilities, having to do more with predictable query IDs than
> recursion. (Though recursion may be a factor in the vulnerabilities, I
> don't know.)
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0024
> http://www.cert.org/advisories/CA-1997-22.html
> http://www.securityfocus.com/bid/136/discuss
> http://www.securityfocus.com/bid/678/discuss
>
> Should these references be removed from the script? The script isn't
> about BIND particularly or query IDs at all. If recursion plays a part
> in the vulnerabilities, let's move the references to their own paragraph
> later in the description along with an explanation.

There's a Nessus plugin 10539 [1] where this seems to have originated.
I'm not sure about the connection between publicly available recursion
and the specific vulnerability mentioned in the CVE db, but I suppose
that vulnerable servers would be at a greater risk of poisoning if they
perform queries on behalf of every Tom, Dick and Harry. I vote for
complete removal of the references.

jah

[1] http://www.nessus.org/plugins/index.php?view=single&id=10539


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
