Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.66755
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0062
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0062.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named)
a resolver
library (routines for applications to use when interfacing with DNS)
and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was
running as a DNSSEC-validating resolver, it could incorrectly cache
NXDOMAIN responses, as if they were valid, for records proven by NSEC or
NSEC3 to exist. A remote attacker could use this flaw to cause a BIND
server to return the bogus, cached NXDOMAIN responses for valid records and
prevent users from retrieving those records (denial of service).
(CVE-2010-0097)

The original fix for CVE-2009-4022 was found to be incomplete. BIND was
incorrectly caching certain responses without performing proper DNSSEC
validation. CNAME and DNAME records could be cached, without proper DNSSEC
validation, when received from processing recursive client queries that
requested DNSSEC records but indicated that checking should be disabled. A
remote attacker could use this flaw to bypass the DNSSEC validation check
and perform a cache poisoning attack if the target BIND server was
receiving such client queries. (CVE-2010-0290)

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0062.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
4.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0097
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 37865
http://www.securityfocus.com/bid/37865
CERT/CC vulnerability note: VU#360341
http://www.kb.cert.org/vuls/id/360341
Debian Security Information: DSA-2054 (Google Search)
http://www.debian.org/security/2010/dsa-2054
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html
HPdes Security Advisory: HPSBUX02519
http://marc.info/?l=bugtraq&m=127195582210247&w=2
HPdes Security Advisory: SSRT100004
http://www.mandriva.com/security/advisories?name=MDVSA-2010:021
http://www.osvdb.org/61853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357
RedHat Security Advisories: RHSA-2010:0062
https://rhn.redhat.com/errata/RHSA-2010-0062.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://securitytracker.com/id?1023474
http://secunia.com/advisories/38169
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://secunia.com/advisories/39334
http://secunia.com/advisories/39582
http://secunia.com/advisories/40086
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
SuSE Security Announcement: SUSE-SA:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.ubuntu.com/usn/USN-888-1
http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0622
http://www.vupen.com/english/advisories/2010/0981
http://www.vupen.com/english/advisories/2010/1352
XForce ISS Database: bind-dnssecnsec-cache-poisoning(55753)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55753
Common Vulnerability Exposure (CVE) ID: CVE-2010-0290
http://marc.info/?l=oss-security&m=126393609503704&w=2
http://marc.info/?l=oss-security&m=126399602810086&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884
Common Vulnerability Exposure (CVE) ID: CVE-2009-4022
AIX APAR: IZ68597
http://www.ibm.com/support/docview.wss?uid=isg1IZ68597
AIX APAR: IZ71667
http://www.ibm.com/support/docview.wss?uid=isg1IZ71667
AIX APAR: IZ71774
http://www.ibm.com/support/docview.wss?uid=isg1IZ71774
BugTraq ID: 37118
http://www.securityfocus.com/bid/37118
CERT/CC vulnerability note: VU#418861
http://www.kb.cert.org/vuls/id/418861
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:304
http://www.openwall.com/lists/oss-security/2009/11/24/2
http://www.openwall.com/lists/oss-security/2009/11/24/8
http://www.openwall.com/lists/oss-security/2009/11/24/1
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://osvdb.org/60493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459
http://www.redhat.com/support/errata/RHSA-2009-1620.html
http://secunia.com/advisories/37426
http://secunia.com/advisories/37491
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/40730
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1
http://www.vupen.com/english/advisories/2009/3335
http://www.vupen.com/english/advisories/2010/0528
XForce ISS Database: bind-dnssec-cache-poisoning(54416)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.