Red Hat Local Security Checks : RedHat Security Advisory RHSA-2012:1139

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71445

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2012:1139

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory RHSA-2012:1139.

The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap performed the escaping of names
from DNS requests for use in LDAP queries. A remote attacker able to send
DNS queries to a named server that is configured to use bind-dyndb-ldap
could use this flaw to cause named to exit unexpectedly with an assertion
failure. (CVE-2012-3429)

Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this
issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-1139.html

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3429
1027341
http://www.securitytracker.com/id?1027341
50086
http://secunia.com/advisories/50086
50159
http://secunia.com/advisories/50159
54787
http://www.securityfocus.com/bid/54787
RHSA-2012:1139
http://rhn.redhat.com/errata/RHSA-2012-1139.html
[oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429
http://www.openwall.com/lists/oss-security/2012/08/02/5
binddyndbldap-dnstoldapdnescape-dos(77391)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77391
http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006
https://bugzilla.redhat.com/show_bug.cgi?id=842466

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71445
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2012:1139
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2012:1139. The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure. (CVE-2012-3429) Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-1139.html Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3429 1027341 http://www.securitytracker.com/id?1027341 50086 http://secunia.com/advisories/50086 50159 http://secunia.com/advisories/50159 54787 http://www.securityfocus.com/bid/54787 RHSA-2012:1139 http://rhn.redhat.com/errata/RHSA-2012-1139.html [oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429 http://www.openwall.com/lists/oss-security/2012/08/02/5 binddyndbldap-dnstoldapdnescape-dos(77391) https://exchange.xforce.ibmcloud.com/vulnerabilities/77391 http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006 https://bugzilla.redhat.com/show_bug.cgi?id=842466
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com