Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:1179

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64505

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:1179

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:1179.;;The Berkeley Internet Name Domain (BIND) is an implementation of the Domain;Name System (DNS) protocols. BIND includes a DNS server (named), a resolver;library (routines for applications to use when interfacing with DNS), and;tools for verifying that the DNS server is operating correctly.;;A flaw was found in the way BIND handles dynamic update message packets;containing the ANY record type. A remote attacker could use this flaw to;send a specially-crafted dynamic update packet that could cause named to;exit with an assertion failure. (CVE-2009-0696);;Note: even if named is not configured for dynamic updates, receiving such;a specially-crafted dynamic update packet could still cause named to exit;unexpectedly.;;All BIND users are advised to upgrade to these updated packages, which;contain a backported patch to resolve this issue. After installing the;update, the BIND daemon (named) will be restarted automatically.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:1179.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named), a resolver
library (routines for applications to use when interfacing with DNS), and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets
containing the ANY record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0696
Bugtraq: 20090729 rPSA-2009-0113-1 bind bind-utils (Google Search)
http://www.securityfocus.com/archive/1/505403/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
CERT/CC vulnerability note: VU#725188
http://www.kb.cert.org/vuls/id/725188
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html
NETBSD Security Advisory: NetBSD-SA2009-013
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc
OpenBSD Security Advisory: [4.4] 014: RELIABILITY FIX: July 29, 2009
http://www.openbsd.org/errata44.html#014_bind
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806
http://www.securitytracker.com/id?1022613
http://secunia.com/advisories/36035
http://secunia.com/advisories/36038
http://secunia.com/advisories/36050
http://secunia.com/advisories/36053
http://secunia.com/advisories/36056
http://secunia.com/advisories/36063
http://secunia.com/advisories/36086
http://secunia.com/advisories/36098
http://secunia.com/advisories/36192
http://secunia.com/advisories/37471
http://secunia.com/advisories/39334
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1
http://www.ubuntu.com/usn/usn-808-1
http://www.vupen.com/english/advisories/2009/2036
http://www.vupen.com/english/advisories/2009/2088
http://www.vupen.com/english/advisories/2009/2171
http://www.vupen.com/english/advisories/2009/2247
http://www.vupen.com/english/advisories/2009/3316

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64505
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1179
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:1179.;;The Berkeley Internet Name Domain (BIND) is an implementation of the Domain;Name System (DNS) protocols. BIND includes a DNS server (named), a resolver;library (routines for applications to use when interfacing with DNS), and;tools for verifying that the DNS server is operating correctly.;;A flaw was found in the way BIND handles dynamic update message packets;containing the ANY record type. A remote attacker could use this flaw to;send a specially-crafted dynamic update packet that could cause named to;exit with an assertion failure. (CVE-2009-0696);;Note: even if named is not configured for dynamic updates, receiving such;a specially-crafted dynamic update packet could still cause named to exit;unexpectedly.;;All BIND users are advised to upgrade to these updated packages, which;contain a backported patch to resolve this issue. After installing the;update, the BIND daemon (named) will be restarted automatically.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1179. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the ANY record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion failure. (CVE-2009-0696) Note: even if named is not configured for dynamic updates, receiving such a specially-crafted dynamic update packet could still cause named to exit unexpectedly. All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0696 Bugtraq: 20090729 rPSA-2009-0113-1 bind bind-utils (Google Search) http://www.securityfocus.com/archive/1/505403/100/0/threaded Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded CERT/CC vulnerability note: VU#725188 http://www.kb.cert.org/vuls/id/725188 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01265.html NETBSD Security Advisory: NetBSD-SA2009-013 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-013.txt.asc OpenBSD Security Advisory: [4.4] 014: RELIABILITY FIX: July 29, 2009 http://www.openbsd.org/errata44.html#014_bind https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10414 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12245 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7806 http://www.securitytracker.com/id?1022613 http://secunia.com/advisories/36035 http://secunia.com/advisories/36038 http://secunia.com/advisories/36050 http://secunia.com/advisories/36053 http://secunia.com/advisories/36056 http://secunia.com/advisories/36063 http://secunia.com/advisories/36086 http://secunia.com/advisories/36098 http://secunia.com/advisories/36192 http://secunia.com/advisories/37471 http://secunia.com/advisories/39334 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020788.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-264828-1 http://www.ubuntu.com/usn/usn-808-1 http://www.vupen.com/english/advisories/2009/2036 http://www.vupen.com/english/advisories/2009/2088 http://www.vupen.com/english/advisories/2009/2171 http://www.vupen.com/english/advisories/2009/2247 http://www.vupen.com/english/advisories/2009/3316
Copyright	Copyright (C) 2009 E-Soft Inc.