ID de Prueba:	1.3.6.1.4.1.25623.1.0.51254
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2002:119
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2002:119. Version 9 of ISC BIND, prior to version 9.2.1, contained a denial of service (DoS) attack vulnerability. Various versions of the ISC BIND resolver libraries are vulnerable to a buffer overflow attack. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named) -- which resolves hostnames to IP addresses, a resolver library (routines for applications to use when interfacing with DNS), and various tools. Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests to the BIND name server to fail an internal consistency check, causing the name server to stop responding to requests. This can be used by a remote attacker to cause a denial of service (DoS) attack against name servers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0400 to this issue. A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) attack on a vulnerable system. Red Hat Linux does not ship with any applications or libraries that link against the BIND resolver libraries however, third party code may be affected. (CVE-2002-0651) Red Hat Linux Advanced Server shipped with a version of ISC BIND vulnerable to both of these issues. All users of BIND are advised to upgrade to the errata packages containing BIND 9.2.1 which contains backported patches that correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2002-119.html http://www.kb.cert.org/vuls/id/803539 http://online.securityfocus.com/bid/5100 http://www.cert.org/advisories/CA-2002-19.html http://www.cert.org/advisories/CA-2002-15.html Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0400 BugTraq ID: 4936 http://www.securityfocus.com/bid/4936 Caldera Security Advisory: CSSA-2002-SCO.24 ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt http://www.cert.org/advisories/CA-2002-15.html CERT/CC vulnerability note: VU#739123 http://www.kb.cert.org/vuls/id/739123 Conectiva Linux advisory: CLA-2002:494 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494 HPdes Security Advisory: HPSBUX0207-202 http://archives.neohapsis.com/archives/hp/2002-q3/0022.html ISS Security Advisory: 20020604 Remote Denial of Service Vulnerability in ISC BIND http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038 http://www.redhat.com/support/errata/RHSA-2002-105.html http://www.redhat.com/support/errata/RHSA-2002-119.html http://www.redhat.com/support/errata/RHSA-2003-154.html SuSE Security Announcement: SuSE-SA:2002:021 (Google Search) http://www.novell.com/linux/security/advisories/2002_21_bind9.html http://www.iss.net/security_center/static/9250.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0651 AIX APAR: IY32719 http://archives.neohapsis.com/archives/aix/2002-q3/0001.html AIX APAR: IY32746 BugTraq ID: 5100 http://www.securityfocus.com/bid/5100 Bugtraq: 20020626 Remote buffer overflow in resolver code of libc (Google Search) http://marc.info/?l=bugtraq&m=102513011311504&w=2 Bugtraq: 20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) (Google Search) http://marc.info/?l=bugtraq&m=102579743329251&w=2 Caldera Security Advisory: CSSA-2002-SCO.37 ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37 Caldera Security Advisory: CSSA-2002-SCO.39 ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39 http://www.cert.org/advisories/CA-2002-19.html CERT/CC vulnerability note: VU#803539 http://www.kb.cert.org/vuls/id/803539 Conectiva Linux advisory: CLSA-2002:507 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507 En Garde Linux Advisory: ESA-20020724-018 http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html FreeBSD Security Advisory: FreeBSD-SA-02:28 http://marc.info/?l=bugtraq&m=102520962320134&w=2 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php http://www.pine.nl/advisories/pine-cert-20020601.txt NETBSD Security Advisory: NetBSD-SA2002-006 ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190 http://www.redhat.com/support/errata/RHSA-2002-133.html RedHat Security Advisories: RHSA-2002:139 http://rhn.redhat.com/errata/RHSA-2002-139.html http://www.redhat.com/support/errata/RHSA-2002-167.html SGI Security Advisory: 20020701-01-I ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/ http://www.iss.net/security_center/static/9432.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.