Debian Local Security Checks : Debian Security Advisory DSA 771-1 (pdns)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.54477

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 771-1 (pdns)

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing an update to pdns
announced via advisory DSA 771-1.

Several problems have been discovered in pdns, a versatile nameserver
that can lead to a denial of service. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2005-2301

Norbert Sendetzky and Jan de Groot discoverd that the LDAP backend
did not properly escape all queries, allowing it to fail and not
answer queries anymore.

CVE-2005-2302

Wilco Baan discovered that queries from clients without recursion
permission can temporarily blank out domains to clients with
recursion permitted. This enables outside users to blank out a
domain temporarily to normal users.

The old stable distribution (woody) does not contain pdns packages.

For the stable distribution (sarge) these problems have been fixed in
version 2.9.17-13sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 2.9.18-1.

We recommend that you upgrade your pdns package.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%20771-1

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-2301
BugTraq ID: 14290
http://www.securityfocus.com/bid/14290
Bugtraq: 20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP (Google Search)
http://marc.info/?l=bugtraq&m=112155941310297&w=2
http://securitytracker.com/id?1014504
SuSE Security Announcement: SUSE-SR:2005:019 (Google Search)
http://www.novell.com/linux/security/advisories/2005_19_sr.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-2302

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.54477
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 771-1 (pdns)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to pdns announced via advisory DSA 771-1. Several problems have been discovered in pdns, a versatile nameserver that can lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2301 Norbert Sendetzky and Jan de Groot discoverd that the LDAP backend did not properly escape all queries, allowing it to fail and not answer queries anymore. CVE-2005-2302 Wilco Baan discovered that queries from clients without recursion permission can temporarily blank out domains to clients with recursion permitted. This enables outside users to blank out a domain temporarily to normal users. The old stable distribution (woody) does not contain pdns packages. For the stable distribution (sarge) these problems have been fixed in version 2.9.17-13sarge1. For the unstable distribution (sid) these problems have been fixed in version 2.9.18-1. We recommend that you upgrade your pdns package. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%20771-1 CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2301 BugTraq ID: 14290 http://www.securityfocus.com/bid/14290 Bugtraq: 20050716 PowerDNS 2.9.18 fixes two security issues affecting users of LDAP (Google Search) http://marc.info/?l=bugtraq&m=112155941310297&w=2 http://securitytracker.com/id?1014504 SuSE Security Announcement: SUSE-SR:2005:019 (Google Search) http://www.novell.com/linux/security/advisories/2005_19_sr.html Common Vulnerability Exposure (CVE) ID: CVE-2005-2302
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com