ARTICLE

PorkBind v1.2 : 13 DNS security flaws scanner (including DNS Poisoning)

Thursday 31 July 2008

PorkBind is a multi-threaded nameserver scanner that can recursively query the nameservers of subdomains for version strings (i.e. sub.host.dom's nameservers, then host.dom's nameservers). After acquiring the version strings, it tests them against version numbers from CERT advisories and reports back to the user. Zone transfer capability is also tested.

This small test tool checks for the vulnerabilities defined in the default porkbind.conf, including cache poisoning, the NXT bug, the malformed SIG overflow, cryptographic weaknesses and many others.

The vulnerabilities detected are described in the advisories repository. The newest cache poisoning issue covered is alert TA08-190B (otherwise known as the famous CVE-2008-1447).
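The version-string comparison described above, as an added example (not PorkBind's own code): it parses BIND banner strings and compares them against per-branch first-fixed versions. The advisory ids and fixed versions in the table are constructed placeholders, and the function names are hypothetical.

```python
import re

# BIND banners look like "9.4.1-P1", "9.5.0b2", "9.3.5rc1" or "8.2.2-P5".
_BANNER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?(?:-P(\d+))?")
_STAGE = {"a": 0, "b": 1, "rc": 2, None: 3}  # pre-releases sort before the final release

# Constructed table: ids and first-fixed versions are placeholders,
# not values from porkbind.conf or from any CERT advisory.
ADVISORIES = {
    "EXAMPLE-ADVISORY-1": ["9.4.2-P1", "9.5.0-P1"],
    "EXAMPLE-ADVISORY-2": ["8.2.3"],
}

def parse_bind_version(banner):
    """Return a sortable tuple, or None when the banner carries no version."""
    m = _BANNER.search(banner)
    if not m:
        return None
    major, minor, patch, stage, stage_n, p = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE[stage], int(stage_n or 0), int(p or 0))

def check(banner, advisories=ADVISORIES):
    """Map each advisory id to vulnerable / fixed / unlisted-branch / unknown."""
    version = parse_bind_version(banner)
    results = {}
    for adv_id, fixed_versions in advisories.items():
        if version is None:
            # Hidden or customised banner: absence of a version is not proof of a fix.
            results[adv_id] = "unknown"
            continue
        status = "unlisted-branch"
        for fixed in fixed_versions:
            fixed_v = parse_bind_version(fixed)
            if fixed_v[:2] == version[:2]:  # compare only within the same x.y branch
                status = "vulnerable" if version < fixed_v else "fixed"
        results[adv_id] = status
    return results

if __name__ == "__main__":
    # Constructed sample banners, including one an administrator has overridden.
    for banner in ["9.4.1-P1", "9.5.0b2", "9.5.0-P1", "8.2.2-P5", "surely you must be joking"]:
        print(banner, check(banner))
```

A banner that has been overridden by the administrator yields "unknown" rather than a clean result, since a version-string check can only report on what the server chooses to reveal.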

We recommend this utility because it checks for 13 critical DNS flaws.

Here are the internal links to the vulnerabilities, along with their CVSS v2.0 scores and OVAL checks (when available).

- CVE-1999-0024
- CVE-1999-0849
- CVE-1999-0009
- CVE-2001-0010
- CVE-2001-0011
- CVE-2001-0012
- CVE-2001-0013
- CVE-2002-0400
- CVE-2002-1219
- CVE-2002-1220
- CVE-2002-1221
- CVE-2002-0029
- CVE-2007-2930
- CVE-2007-2926
- CVE-2008-1447

