CentOS Local Security Checks : CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881456

Categoría: CentOS Local Security Checks

Título: CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6

Resumen: The remote host is missing an update for the 'bind-dyndb-ldap'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'bind-dyndb-ldap'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap performed the escaping of names
from DNS requests for use in LDAP queries. A remote attacker able to send
DNS queries to a named server that is configured to use bind-dyndb-ldap
could use this flaw to cause named to exit unexpectedly with an assertion
failure. (CVE-2012-3429)

Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this
issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.

Affected Software/OS:
bind-dyndb-ldap on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3429
1027341
http://www.securitytracker.com/id?1027341
50086
http://secunia.com/advisories/50086
50159
http://secunia.com/advisories/50159
54787
http://www.securityfocus.com/bid/54787
RHSA-2012:1139
http://rhn.redhat.com/errata/RHSA-2012-1139.html
[oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429
http://www.openwall.com/lists/oss-security/2012/08/02/5
binddyndbldap-dnstoldapdnescape-dos(77391)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77391
http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006
https://bugzilla.redhat.com/show_bug.cgi?id=842466

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881456
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6
Resumen:	The remote host is missing an update for the 'bind-dyndb-ldap'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'bind-dyndb-ldap' package(s) announced via the referenced advisory. Vulnerability Insight: The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure. (CVE-2012-3429) Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted. Affected Software/OS: bind-dyndb-ldap on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3429 1027341 http://www.securitytracker.com/id?1027341 50086 http://secunia.com/advisories/50086 50159 http://secunia.com/advisories/50159 54787 http://www.securityfocus.com/bid/54787 RHSA-2012:1139 http://rhn.redhat.com/errata/RHSA-2012-1139.html [oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429 http://www.openwall.com/lists/oss-security/2012/08/02/5 binddyndbldap-dnstoldapdnescape-dos(77391) https://exchange.xforce.ibmcloud.com/vulnerabilities/77391 http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006 https://bugzilla.redhat.com/show_bug.cgi?id=842466
Copyright	Copyright (C) 2012 Greenbone AG