Test Kennung:	1.3.6.1.4.1.25623.1.0.58932
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2007:0740
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2007:0740. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0740.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 4.3
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2926 AIX APAR: IZ02218 http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only AIX APAR: IZ02219 http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 25037 http://www.securityfocus.com/bid/25037 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (Google Search) http://www.securityfocus.com/archive/1/474516/100/0/threaded Bugtraq: 20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer) (Google Search) http://www.securityfocus.com/archive/1/474545/100/0/threaded http://www.securityfocus.com/archive/1/474808/100/0/threaded http://www.securityfocus.com/archive/1/474856/100/0/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html CERT/CC vulnerability note: VU#252735 http://www.kb.cert.org/vuls/id/252735 Debian Security Information: DSA-1341 (Google Search) http://www.debian.org/security/2007/dsa-1341 FreeBSD Security Advisory: FreeBSD-SA-07:07 http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml HPdes Security Advisory: HPSBOV02261 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368 HPdes Security Advisory: HPSBOV03226 http://marc.info/?l=bugtraq&m=141879471518471&w=2 HPdes Security Advisory: HPSBTU02256 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600 HPdes Security Advisory: HPSBUX02251 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426 HPdes Security Advisory: SSRT071449 HPdes Security Advisory: SSRT101004 http://www.mandriva.com/security/advisories?name=MDKSA-2007:149 http://www.securiteam.com/securitynews/5VP0L0UM0A.html http://www.trusteer.com/docs/bind9dns.html http://www.trusteer.com/docs/bind9dns_s.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226 http://www.redhat.com/support/errata/RHSA-2007-0740.html http://www.securitytracker.com/id?1018442 http://secunia.com/advisories/26148 http://secunia.com/advisories/26152 http://secunia.com/advisories/26160 http://secunia.com/advisories/26180 http://secunia.com/advisories/26195 http://secunia.com/advisories/26217 http://secunia.com/advisories/26227 http://secunia.com/advisories/26231 http://secunia.com/advisories/26236 http://secunia.com/advisories/26261 http://secunia.com/advisories/26308 http://secunia.com/advisories/26330 http://secunia.com/advisories/26509 http://secunia.com/advisories/26515 http://secunia.com/advisories/26531 http://secunia.com/advisories/26605 http://secunia.com/advisories/26607 http://secunia.com/advisories/26847 http://secunia.com/advisories/26925 http://secunia.com/advisories/27643 SGI Security Advisory: 20070801-01-P ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1 SuSE Security Announcement: SUSE-SA:2007:047 (Google Search) http://www.novell.com/linux/security/advisories/2007_47_bind.html http://www.trustix.org/errata/2007/0023/ http://www.ubuntu.com/usn/usn-491-1 http://www.vupen.com/english/advisories/2007/2627 http://www.vupen.com/english/advisories/2007/2662 http://www.vupen.com/english/advisories/2007/2782 http://www.vupen.com/english/advisories/2007/2914 http://www.vupen.com/english/advisories/2007/2932 http://www.vupen.com/english/advisories/2007/3242 http://www.vupen.com/english/advisories/2007/3868 XForce ISS Database: isc-bind-queryid-spoofing(35575) https://exchange.xforce.ibmcloud.com/vulnerabilities/35575
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.