ID de Prueba:	1.3.6.1.4.1.25623.1.0.69203
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0975
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0975. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named) a resolver library (routines for applications to use when interfacing with DNS) and tools for verifying that the DNS server is operating correctly. It was discovered that named did not invalidate previously cached RRSIG records when adding an NCACHE record for the same entry to the cache. A remote attacker allowed to send recursive DNS queries to named could use this flaw to crash named. (CVE-2010-3613) It was discovered that, in certain cases, named did not properly perform DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY algorithm rollover. This flaw could cause the validator to incorrectly determine that the zone is insecure and not protected by DNSSEC. (CVE-2010-3614) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0975.html Risk factor : High CVSS Score: 6.4
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3613 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 45133 http://www.securityfocus.com/bid/45133 Bugtraq: 20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm. (Google Search) http://www.securityfocus.com/archive/1/516909/100/0/threaded CERT/CC vulnerability note: VU#706148 http://www.kb.cert.org/vuls/id/706148 Debian Security Information: DSA-2130 (Google Search) http://www.debian.org/security/2010/dsa-2130 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html HPdes Security Advisory: HPSBUX02655 http://marc.info/?l=bugtraq&m=130270720601677&w=2 HPdes Security Advisory: SSRT100353 http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 http://lists.vmware.com/pipermail/security-announce/2011/000126.html NETBSD Security Advisory: NetBSD-SA2011-001 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-001.txt.asc http://www.osvdb.org/69558 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12601 http://www.redhat.com/support/errata/RHSA-2010-0975.html http://www.redhat.com/support/errata/RHSA-2010-0976.html http://www.redhat.com/support/errata/RHSA-2010-1000.html http://securitytracker.com/id?1024817 http://secunia.com/advisories/42374 http://secunia.com/advisories/42459 http://secunia.com/advisories/42522 http://secunia.com/advisories/42671 http://secunia.com/advisories/42707 http://secunia.com/advisories/43141 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190 http://www.ubuntu.com/usn/USN-1025-1 http://www.vupen.com/english/advisories/2010/3102 http://www.vupen.com/english/advisories/2010/3103 http://www.vupen.com/english/advisories/2010/3138 http://www.vupen.com/english/advisories/2010/3139 http://www.vupen.com/english/advisories/2010/3140 http://www.vupen.com/english/advisories/2011/0267 http://www.vupen.com/english/advisories/2011/0606 Common Vulnerability Exposure (CVE) ID: CVE-2010-3614 BugTraq ID: 45137 http://www.securityfocus.com/bid/45137 CERT/CC vulnerability note: VU#837744 http://www.kb.cert.org/vuls/id/837744 http://www.osvdb.org/69559 http://secunia.com/advisories/42435
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.