CentOS Local Security Checks : CentOS Update for bind CESA-2017:1679 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882748

Categoría: CentOS Local Security Checks

Título: CentOS Update for bind CESA-2017:1679 centos6

Resumen: Check the version of bind

Descripción: Summary:
Check the version of bind

Vulnerability Insight:
The Berkeley Internet Name Domain (BIND)
is an implementation of the Domain Name System (DNS) protocols. BIND includes
a DNS server (named) a resolver library (routines for applications to use when
interfacing with DNS) and tools for verifying that the DNS server is operating
correctly.

Security Fix(es):

* A flaw was found in the way BIND handled TSIG authentication for dynamic
updates. A remote attacker able to communicate with an authoritative BIND
server could use this flaw to manipulate the contents of a zone, by forging
a valid TSIG or SIG(0) signature for a dynamic update request.
(CVE-2017-3143)

* A flaw was found in the way BIND handled TSIG authentication of AXFR
requests. A remote attacker, able to communicate with an authoritative BIND
server, could use this flaw to view the entire contents of a zone by
sending a specially constructed request packet. (CVE-2017-3142)

Red Hat would like to thank Internet Systems Consortium for reporting these
issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original
reporter of these issues.

Bug Fix(es):

* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK)
rollover during October 2017. Maintaining an up-to-date KSK, by adding the
new root zone KSK, is essential for ensuring that validating DNS resolvers
continue to function following the rollover. (BZ#1458234)

Affected Software/OS:
bind on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-3142
BugTraq ID: 99339
http://www.securityfocus.com/bid/99339
Debian Security Information: DSA-3904 (Google Search)
https://www.debian.org/security/2017/dsa-3904
RedHat Security Advisories: RHSA-2017:1679
https://access.redhat.com/errata/RHSA-2017:1679
RedHat Security Advisories: RHSA-2017:1680
https://access.redhat.com/errata/RHSA-2017:1680
http://www.securitytracker.com/id/1038809
Common Vulnerability Exposure (CVE) ID: CVE-2017-3143
BugTraq ID: 99337
http://www.securityfocus.com/bid/99337

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882748
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for bind CESA-2017:1679 centos6
Resumen:	Check the version of bind
Descripción:	Summary: Check the version of bind Vulnerability Insight: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named) a resolver library (routines for applications to use when interfacing with DNS) and tools for verifying that the DNS server is operating correctly. Security Fix(es): * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es): * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458234) Affected Software/OS: bind on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3142 BugTraq ID: 99339 http://www.securityfocus.com/bid/99339 Debian Security Information: DSA-3904 (Google Search) https://www.debian.org/security/2017/dsa-3904 RedHat Security Advisories: RHSA-2017:1679 https://access.redhat.com/errata/RHSA-2017:1679 RedHat Security Advisories: RHSA-2017:1680 https://access.redhat.com/errata/RHSA-2017:1680 http://www.securitytracker.com/id/1038809 Common Vulnerability Exposure (CVE) ID: CVE-2017-3143 BugTraq ID: 99337 http://www.securityfocus.com/bid/99337
Copyright	Copyright (C) 2017 Greenbone AG