ID de Prueba:	1.3.6.1.4.1.25623.1.0.880845
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for bind CESA-2009:0020 centos5 i386
Resumen:	The remote host is missing an update for the 'bind'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the referenced advisory. Vulnerability Insight: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically. Affected Software/OS: bind on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0025 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses http://www.securityfocus.com/archive/1/499827/100/0/threaded 20090120 rPSA-2009-0009-1 bind bind-utils http://www.securityfocus.com/archive/1/500207/100/0/threaded 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim http://www.securityfocus.com/archive/1/502322/100/0/threaded 250846 http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1 33151 http://www.securityfocus.com/bid/33151 33494 http://secunia.com/advisories/33494 33546 http://secunia.com/advisories/33546 33551 http://secunia.com/advisories/33551 33559 http://secunia.com/advisories/33559 33683 http://secunia.com/advisories/33683 33882 http://secunia.com/advisories/33882 35074 http://secunia.com/advisories/35074 ADV-2009-0043 http://www.vupen.com/english/advisories/2009/0043 ADV-2009-0366 http://www.vupen.com/english/advisories/2009/0366 ADV-2009-0904 http://www.vupen.com/english/advisories/2009/0904 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html FEDORA-2009-0350 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html FreeBSD-SA-09:04 http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc HPSBOV03226 http://marc.info/?l=bugtraq&m=141879471518471&w=2 SSA:2009-014-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 SSRT101004 TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://support.apple.com/kb/HT3549 http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm http://wiki.rpath.com/Advisories:rPSA-2009-0009 http://www.ocert.org/advisories/ocert-2008-016.html http://www.openbsd.org/errata44.html#008_bind http://www.vmware.com/security/advisories/VMSA-2009-0004.html https://issues.rpath.com/browse/RPL-2938 https://www.isc.org/software/bind/advisories/cve-2009-0025 oval:org.mitre.oval:def:10879 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879 oval:org.mitre.oval:def:5569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.