Test Kennung:	1.3.6.1.4.1.25623.1.0.58548
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200708-13 (bind)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200708-13.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200708-13. Vulnerability Insight: The ISC BIND random number generator uses a weak algorithm, making it easier to guess the next query ID and perform a DNS cache poisoning attack. Solution: All ISC BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dns/bind-9.4.1_p1' CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2925 BugTraq ID: 25076 http://www.securityfocus.com/bid/25076 http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:149 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html http://www.securitytracker.com/id?1018441 http://secunia.com/advisories/26227 http://secunia.com/advisories/26236 http://secunia.com/advisories/26509 http://secunia.com/advisories/26515 http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385 http://www.vupen.com/english/advisories/2007/2628 http://www.vupen.com/english/advisories/2007/2914 XForce ISS Database: isc-bind-acl-security-bypass(35571) https://exchange.xforce.ibmcloud.com/vulnerabilities/35571 Common Vulnerability Exposure (CVE) ID: CVE-2007-2926 AIX APAR: IZ02218 http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only AIX APAR: IZ02219 http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 25037 http://www.securityfocus.com/bid/25037 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (Google Search) http://www.securityfocus.com/archive/1/474516/100/0/threaded Bugtraq: 20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (Google Search) http://www.securityfocus.com/archive/1/474545/100/0/threaded http://www.securityfocus.com/archive/1/474808/100/0/threaded http://www.securityfocus.com/archive/1/474856/100/0/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html CERT/CC vulnerability note: VU#252735 http://www.kb.cert.org/vuls/id/252735 Debian Security Information: DSA-1341 (Google Search) http://www.debian.org/security/2007/dsa-1341 FreeBSD Security Advisory: FreeBSD-SA-07:07 http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc HPdes Security Advisory: HPSBOV02261 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368 HPdes Security Advisory: HPSBOV03226 http://marc.info/?l=bugtraq&m=141879471518471&w=2 HPdes Security Advisory: HPSBTU02256 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600 HPdes Security Advisory: HPSBUX02251 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426 HPdes Security Advisory: SSRT071449 HPdes Security Advisory: SSRT101004 http://www.securiteam.com/securitynews/5VP0L0UM0A.html http://www.trusteer.com/docs/bind9dns.html http://www.trusteer.com/docs/bind9dns_s.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226 http://www.redhat.com/support/errata/RHSA-2007-0740.html http://www.securitytracker.com/id?1018442 http://secunia.com/advisories/26148 http://secunia.com/advisories/26152 http://secunia.com/advisories/26160 http://secunia.com/advisories/26180 http://secunia.com/advisories/26195 http://secunia.com/advisories/26217 http://secunia.com/advisories/26231 http://secunia.com/advisories/26261 http://secunia.com/advisories/26308 http://secunia.com/advisories/26330 http://secunia.com/advisories/26531 http://secunia.com/advisories/26605 http://secunia.com/advisories/26607 http://secunia.com/advisories/26847 http://secunia.com/advisories/26925 http://secunia.com/advisories/27643 SGI Security Advisory: 20070801-01-P ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1 SuSE Security Announcement: SUSE-SA:2007:047 (Google Search) http://www.novell.com/linux/security/advisories/2007_47_bind.html http://www.trustix.org/errata/2007/0023/ http://www.ubuntu.com/usn/usn-491-1 http://www.vupen.com/english/advisories/2007/2627 http://www.vupen.com/english/advisories/2007/2662 http://www.vupen.com/english/advisories/2007/2782 http://www.vupen.com/english/advisories/2007/2932 http://www.vupen.com/english/advisories/2007/3242 http://www.vupen.com/english/advisories/2007/3868 XForce ISS Database: isc-bind-queryid-spoofing(35575) https://exchange.xforce.ibmcloud.com/vulnerabilities/35575
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.