Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880465
Category:CentOS Local Security Checks
Title:CentOS Update for bind CESA-2010:1000 centos4 i386
Summary:The remote host is missing an update for the 'bind'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'bind'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named), a resolver
library (routines for applications to use when interfacing with DNS), and
tools for verifying that the DNS server is operating correctly.

It was discovered that named did not invalidate previously cached SIG
records when adding an NCACHE record for the same entry to the cache. A
remote attacker allowed to send recursive DNS queries to named could use
this flaw to crash named. (CVE-2010-3613)

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

Affected Software/OS:
bind on CentOS 4

Solution:
Please install the updated packages.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3613
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 45133
http://www.securityfocus.com/bid/45133
Bugtraq: 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. (Google Search)
http://www.securityfocus.com/archive/1/516909/100/0/threaded
CERT/CC vulnerability note: VU#706148
http://www.kb.cert.org/vuls/id/706148
Debian Security Information: DSA-2130 (Google Search)
http://www.debian.org/security/2010/dsa-2130
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html
HPdes Security Advisory: HPSBUX02655
http://marc.info/?l=bugtraq&m=130270720601677&w=2
HPdes Security Advisory: SSRT100353
http://www.mandriva.com/security/advisories?name=MDVSA-2010:253
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
NETBSD Security Advisory: NetBSD-SA2011-001
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc
http://www.osvdb.org/69558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601
http://www.redhat.com/support/errata/RHSA-2010-0975.html
http://www.redhat.com/support/errata/RHSA-2010-0976.html
http://www.redhat.com/support/errata/RHSA-2010-1000.html
http://securitytracker.com/id?1024817
http://secunia.com/advisories/42374
http://secunia.com/advisories/42459
http://secunia.com/advisories/42522
http://secunia.com/advisories/42671
http://secunia.com/advisories/42707
http://secunia.com/advisories/43141
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190
http://www.ubuntu.com/usn/USN-1025-1
http://www.vupen.com/english/advisories/2010/3102
http://www.vupen.com/english/advisories/2010/3103
http://www.vupen.com/english/advisories/2010/3138
http://www.vupen.com/english/advisories/2010/3139
http://www.vupen.com/english/advisories/2010/3140
http://www.vupen.com/english/advisories/2011/0267
http://www.vupen.com/english/advisories/2011/0606
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.