ID de Prueba:	1.3.6.1.4.1.25623.1.0.50828
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:038-1 (bind)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to bind announced via advisory MDKSA-2002:038-1. A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shutdown the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. Update: Sascha Kettler noticed that the version of BIND9 supplied originally was in fact 9.2.1RC1 and mis-labelled as 9.2.1. The packages provided in this update are BIND 9.2.1 final. Likewise, the buffer overflow in the DNS resolver libraries, as noted in MDKSA-2002:043, has also been fixed. Thanks to Bernhard Rosenkraenzer at Red Hat for backporting the patches from 8.3.3 to 9.2.1. Affected versions: 8.0, 8.1, 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:038-1 http://www.kb.cert.org/vuls/id/739123 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0400 http://www.kb.cert.org/vuls/id/803539 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0651 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0400 BugTraq ID: 4936 http://www.securityfocus.com/bid/4936 Caldera Security Advisory: CSSA-2002-SCO.24 ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt http://www.cert.org/advisories/CA-2002-15.html CERT/CC vulnerability note: VU#739123 http://www.kb.cert.org/vuls/id/739123 Conectiva Linux advisory: CLA-2002:494 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494 HPdes Security Advisory: HPSBUX0207-202 http://archives.neohapsis.com/archives/hp/2002-q3/0022.html ISS Security Advisory: 20020604 Remote Denial of Service Vulnerability in ISC BIND http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038 http://www.redhat.com/support/errata/RHSA-2002-105.html http://www.redhat.com/support/errata/RHSA-2002-119.html http://www.redhat.com/support/errata/RHSA-2003-154.html SuSE Security Announcement: SuSE-SA:2002:021 (Google Search) http://www.novell.com/linux/security/advisories/2002_21_bind9.html http://www.iss.net/security_center/static/9250.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0651 AIX APAR: IY32719 http://archives.neohapsis.com/archives/aix/2002-q3/0001.html AIX APAR: IY32746 BugTraq ID: 5100 http://www.securityfocus.com/bid/5100 Bugtraq: 20020626 Remote buffer overflow in resolver code of libc (Google Search) http://marc.info/?l=bugtraq&m=102513011311504&w=2 Bugtraq: 20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) (Google Search) http://marc.info/?l=bugtraq&m=102579743329251&w=2 Caldera Security Advisory: CSSA-2002-SCO.37 ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Caldera Security Advisory: CSSA-2002-SCO.39 ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39 http://www.cert.org/advisories/CA-2002-19.html CERT/CC vulnerability note: VU#803539 http://www.kb.cert.org/vuls/id/803539 Conectiva Linux advisory: CLSA-2002:507 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 En Garde Linux Advisory: ESA-20020724-018 http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html FreeBSD Security Advisory: FreeBSD-SA-02:28 http://marc.info/?l=bugtraq&m=102520962320134&w=2 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php http://www.pine.nl/advisories/pine-cert-20020601.txt NETBSD Security Advisory: NetBSD-SA2002-006 ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190 http://www.redhat.com/support/errata/RHSA-2002-133.html RedHat Security Advisories: RHSA-2002:139 http://rhn.redhat.com/errata/RHSA-2002-139.html http://www.redhat.com/support/errata/RHSA-2002-167.html SGI Security Advisory: 20020701-01-I ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/ http://www.iss.net/security_center/static/9432.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.