ID de Prueba:	1.3.6.1.4.1.25623.1.0.120129
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-84)
Resumen:	The remote host is missing an update for the 'bind' package(s) announced via the ALAS-2012-84 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the ALAS-2012-84 advisory. Vulnerability Insight: A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Affected Software/OS: 'bind' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1033 BugTraq ID: 51898 http://www.securityfocus.com/bid/51898 CERT/CC vulnerability note: VU#542123 http://www.kb.cert.org/vuls/id/542123 HPdes Security Advisory: HPSBUX02835 http://marc.info/?l=bugtraq&m=135638082529878&w=2 HPdes Security Advisory: SSRT100763 http://osvdb.org/78916 RedHat Security Advisories: RHSA-2012:0717 http://rhn.redhat.com/errata/RHSA-2012-0717.html http://www.securitytracker.com/id?1026647 http://secunia.com/advisories/47884 SuSE Security Announcement: openSUSE-SU-2012:0863 (Google Search) https://hermes.opensuse.org/messages/15136456 SuSE Security Announcement: openSUSE-SU-2012:0864 (Google Search) https://hermes.opensuse.org/messages/15136477 XForce ISS Database: isc-bind-update-sec-bypass(73053) https://exchange.xforce.ibmcloud.com/vulnerabilities/73053 Common Vulnerability Exposure (CVE) ID: CVE-2012-1667 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html BugTraq ID: 53772 http://www.securityfocus.com/bid/53772 CERT/CC vulnerability note: VU#381699 http://www.kb.cert.org/vuls/id/381699 Debian Security Information: DSA-2486 (Google Search) http://www.debian.org/security/2012/dsa-2486 HPdes Security Advisory: HPSBUX02795 http://marc.info/?l=bugtraq&m=134132772016230&w=2 HPdes Security Advisory: SSRT100878 http://www.mandriva.com/security/advisories?name=MDVSA-2012:089 RedHat Security Advisories: RHSA-2012:1110 http://rhn.redhat.com/errata/RHSA-2012-1110.html http://secunia.com/advisories/51096 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 SuSE Security Announcement: SUSE-SU-2012:0741 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00010.html SuSE Security Announcement: openSUSE-SU-2012:0722 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00005.html
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.