Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.63243
Categoría:FreeBSD Local Security Checks
Título:FreeBSD Security Advisory (FreeBSD-SA-09:04.bind.asc)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-09:04.bind.asc

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. DNS Security
Extensions (DNSSEC) are additional protocol options that add
authentication as part of responses to DNS queries.

FreeBSD includes software from the OpenSSL Project. The OpenSSL
Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.

The DSA_do_verify() function from OpenSSL is used to determine if a
DSA digital signature is valid. When DNSSEC is used within BIND it
uses DSA_do_verify() to verify DSA signatures, but checks the function
return value incorrectly.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date

http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:04.bind.asc

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0025
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BugTraq ID: 33151
http://www.securityfocus.com/bid/33151
Bugtraq: 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses (Google Search)
http://www.securityfocus.com/archive/1/499827/100/0/threaded
Bugtraq: 20090120 rPSA-2009-0009-1 bind bind-utils (Google Search)
http://www.securityfocus.com/archive/1/500207/100/0/threaded
Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search)
http://www.securityfocus.com/archive/1/502322/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html
FreeBSD Security Advisory: FreeBSD-SA-09:04
http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc
HPdes Security Advisory: HPSBOV03226
http://marc.info/?l=bugtraq&m=141879471518471&w=2
HPdes Security Advisory: SSRT101004
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
http://www.ocert.org/advisories/ocert-2008-016.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569
http://secunia.com/advisories/33494
http://secunia.com/advisories/33546
http://secunia.com/advisories/33551
http://secunia.com/advisories/33559
http://secunia.com/advisories/33683
http://secunia.com/advisories/33882
http://secunia.com/advisories/35074
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362
http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1
http://www.vupen.com/english/advisories/2009/0043
http://www.vupen.com/english/advisories/2009/0366
http://www.vupen.com/english/advisories/2009/0904
http://www.vupen.com/english/advisories/2009/1297
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.