English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2010-5
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 09 Feb 2010
 Last revised: 09 Feb 2010

 Package: bind

 Summary: DNSSEC check vulnerabilities

 More information:
    Bind includes the named name server, which resolves host names to IP
    addresses (and vice versa), and a resolver library (a set of routines
    in a system library that provide the interface for programs to use when
    accessing domain name services). 

    ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2,
    9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1)
    NSEC and (2) NSEC3 records, which allows remote attackers to add the
    Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. (CVE-2010-0097)

    Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5,
    9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation
    enabled and checking disabled (CD), allows remote attackers to conduct
    DNS cache poisoning attacks by receiving a recursive client query and
    sending a response that contains (1) CNAME or (2) DNAME records, which do not have
    the intended validation before caching, aka Bug 20737. NOTE: this vulnerability
    exists because of an incomplete fix for CVE-2009-4022. (CVE-2010-0290)

 Affected Products:
    - Turbolinux Client 2008
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server


 <Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/bind-9.4.2-8.src.rpm
      6508226 077f7de7067695f46b711c52c18c592e

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-devel-9.4.2-8.i586.rpm
      5081880 d433d07d10d56eb85efb1cee0e059809
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-libs-9.4.2-8.i586.rpm
       898899 ac6293d6ff3a19a4ca60873da4439ec6
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-utils-9.4.2-8.i586.rpm
       374637 599749b0131a1cf37a34073425c581f3

 <Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.x86_64.rpm
      1655685 89396133e035faffdad501b329008265
   bind-chroot-9.4.2-8.x86_64.rpm
        14920 9027a31a1584ce4fd2f73da696e59ba8
   bind-libs-9.4.2-8.x86_64.rpm
       927117 2a7b0239d013837cc194c373a9517b11
   bind-sdb-9.4.2-8.x86_64.rpm
       222248 9248061eca6ee98f0cde12a6a46d7f37
   bind-utils-9.4.2-8.x86_64.rpm
       379055 0f709876846969582b6102d4296592b0

 <Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.i686.rpm
      1634552 334c99157657a3281309267549cb27f4
   bind-chroot-9.4.2-8.i686.rpm
        14952 4c83466dc351da7197dc1182d0e6a793
   bind-libs-9.4.2-8.i686.rpm
       831632 39f448cf85b11153f1e52dbeb79327e6
   bind-sdb-9.4.2-8.i686.rpm
       203903 e70a9ed9aa8ee39087aae973777df647
   bind-utils-9.4.2-8.i686.rpm
       352735 d18cc0f5f78fc4a8ff7522a361f146d7

 <Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.x86_64.rpm
      1655685 89396133e035faffdad501b329008265
   bind-chroot-9.4.2-8.x86_64.rpm
        14920 9027a31a1584ce4fd2f73da696e59ba8
   bind-devel-9.4.2-8.x86_64.rpm
      3221832 b378bd5c2c21fa5b883610fd58d51922
   bind-libs-9.4.2-8.x86_64.rpm
       927117 2a7b0239d013837cc194c373a9517b11
   bind-sdb-9.4.2-8.x86_64.rpm
       222248 9248061eca6ee98f0cde12a6a46d7f37
   bind-utils-9.4.2-8.x86_64.rpm
       379055 0f709876846969582b6102d4296592b0

 <Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.i686.rpm
      1634552 334c99157657a3281309267549cb27f4
   bind-chroot-9.4.2-8.i686.rpm
        14952 4c83466dc351da7197dc1182d0e6a793
   bind-devel-9.4.2-8.i686.rpm
      3131555 850b04675b3693f3c40338d9781df51a
   bind-libs-9.4.2-8.i686.rpm
       831632 39f448cf85b11153f1e52dbeb79327e6
   bind-sdb-9.4.2-8.i686.rpm
       203903 e70a9ed9aa8ee39087aae973777df647
   bind-utils-9.4.2-8.i686.rpm
       352735 d18cc0f5f78fc4a8ff7522a361f146d7


 References:

 CVE
   [CVE-2010-0097]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
   [CVE-2010-0290]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290

 --------------------------------------------------------------------------
 Revision History
    09 Feb 2010 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2010 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAktw9xwACgkQK0LzjOqIJMx9JQCfSuj2OW1p+3q1YRUcJ+GZno+J
WjcAni6iwvOvsoa2j6zeV0QHF1tVur6u
=yqmd
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.