Test Kennung:	1.3.6.1.4.1.25623.1.0.63400
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:037 (bind)
Zusammenfassung:	The remote host is missing an update to bind;announced via advisory MDVSA-2009:037.
Beschreibung:	Summary: The remote host is missing an update to bind announced via advisory MDVSA-2009:037. Vulnerability Insight: Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002, this update does however address the RSA_verify function (CVE-2009-0265). Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5077 1021523 http://www.securitytracker.com/id?1021523 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses http://www.securityfocus.com/archive/1/499827/100/0/threaded 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim http://www.securityfocus.com/archive/1/502322/100/0/threaded 250826 http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1 33150 http://www.securityfocus.com/bid/33150 33338 http://secunia.com/advisories/33338 33394 http://secunia.com/advisories/33394 33436 http://secunia.com/advisories/33436 33557 http://secunia.com/advisories/33557 33673 http://secunia.com/advisories/33673 33765 http://secunia.com/advisories/33765 34211 http://secunia.com/advisories/34211 35074 http://secunia.com/advisories/35074 35108 http://secunia.com/advisories/35108 39005 http://secunia.com/advisories/39005 ADV-2009-0040 http://www.vupen.com/english/advisories/2009/0040 ADV-2009-0289 http://www.vupen.com/english/advisories/2009/0289 ADV-2009-0362 http://www.vupen.com/english/advisories/2009/0362 ADV-2009-0558 http://www.vupen.com/english/advisories/2009/0558 ADV-2009-0904 http://www.vupen.com/english/advisories/2009/0904 ADV-2009-0913 http://www.vupen.com/english/advisories/2009/0913 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2009-1338 http://www.vupen.com/english/advisories/2009/1338 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html GLSA-200902-02 http://security.gentoo.org/glsa/glsa-200902-02.xml HPSBMA02426 http://marc.info/?l=bugtraq&m=124277349419254&w=2 HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPSBUX02418 http://marc.info/?l=bugtraq&m=123859864430555&w=2 RHSA-2009:0004 http://www.redhat.com/support/errata/RHSA-2009-0004.html SSA:2009-014-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796 SSRT090002 SSRT090053 SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html USN-704-1 https://usn.ubuntu.com/704-1/ http://support.apple.com/kb/HT3549 http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653 http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html http://www.ocert.org/advisories/ocert-2008-016.html http://www.openssl.org/news/secadv_20090107.txt http://www.vmware.com/security/advisories/VMSA-2009-0004.html openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html oval:org.mitre.oval:def:6380 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380 oval:org.mitre.oval:def:9155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155 Common Vulnerability Exposure (CVE) ID: CVE-2009-0025 20090120 rPSA-2009-0009-1 bind bind-utils http://www.securityfocus.com/archive/1/500207/100/0/threaded 250846 http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1 33151 http://www.securityfocus.com/bid/33151 33494 http://secunia.com/advisories/33494 33546 http://secunia.com/advisories/33546 33551 http://secunia.com/advisories/33551 33559 http://secunia.com/advisories/33559 33683 http://secunia.com/advisories/33683 33882 http://secunia.com/advisories/33882 ADV-2009-0043 http://www.vupen.com/english/advisories/2009/0043 ADV-2009-0366 http://www.vupen.com/english/advisories/2009/0366 FEDORA-2009-0350 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html FreeBSD-SA-09:04 http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc HPSBOV03226 http://marc.info/?l=bugtraq&m=141879471518471&w=2 SSA:2009-014-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 SSRT101004 http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm http://wiki.rpath.com/Advisories:rPSA-2009-0009 http://www.openbsd.org/errata44.html#008_bind https://issues.rpath.com/browse/RPL-2938 https://www.isc.org/software/bind/advisories/cve-2009-0025 oval:org.mitre.oval:def:10879 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879 oval:org.mitre.oval:def:5569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569 Common Vulnerability Exposure (CVE) ID: CVE-2009-0265 http://www.mandriva.com/security/advisories?name=MDVSA-2009:037
Copyright	Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.