Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0342)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2024.0342

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2024-0342)

Resumen: The remote host is missing an update for the 'bind' package(s) announced via the MGASA-2024-0342 advisory.

Descripción: Summary:
The remote host is missing an update for the 'bind' package(s) announced via the MGASA-2024-0342 advisory.

Vulnerability Insight:
A malicious client can send many DNS messages over TCP, potentially
causing the server to become unstable while the attack is in progress.
The server may recover after the attack ceases. Use of ACLs will not
mitigate the attack. (CVE-2024-0760)
Resolver caches and authoritative zone databases that hold significant
numbers of RRs for the same hostname (of any RTYPE) can suffer from
degraded performance as content is being added or updated, and also when
handling client queries for this name. (CVE-2024-1737)
If a server hosts a zone containing a 'KEY' Resource Record, or a
resolver DNSSEC-validates a 'KEY' Resource Record from a DNSSEC-signed
domain in cache, a client can exhaust resolver CPU resources by sending
a stream of SIG(0) signed requests. (CVE-2024-1975)
Client queries that trigger serving stale data and that also require
lookups in local authoritative zone data may result in an assertion
failure. (CVE-2024-4076)

Affected Software/OS:
'bind' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-0760
Common Vulnerability Exposure (CVE) ID: CVE-2024-1737
Common Vulnerability Exposure (CVE) ID: CVE-2024-1975
Common Vulnerability Exposure (CVE) ID: CVE-2024-4076

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2024.0342
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2024-0342)
Resumen:	The remote host is missing an update for the 'bind' package(s) announced via the MGASA-2024-0342 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the MGASA-2024-0342 advisory. Vulnerability Insight: A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. (CVE-2024-0760) Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. (CVE-2024-1737) If a server hosts a zone containing a 'KEY' Resource Record, or a resolver DNSSEC-validates a 'KEY' Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. (CVE-2024-1975) Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. (CVE-2024-4076) Affected Software/OS: 'bind' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-0760 Common Vulnerability Exposure (CVE) ID: CVE-2024-1737 Common Vulnerability Exposure (CVE) ID: CVE-2024-1975 Common Vulnerability Exposure (CVE) ID: CVE-2024-4076
Copyright	Copyright (C) 2024 Greenbone AG