Test ID: 1.3.6.1.4.1.25623.1.0.57698
Category: Slackware Local Security Checks
Title: Slackware: Security Advisory (SSA:2006-310-01)
Summary: The remote host is missing an update for the 'bind' package(s) announced via the SSA:2006-310-01 advisory.
Description:

Vulnerability Insight:
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
and 11.0 to fix security issues. The minimum OpenSSL version was raised to
OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
in older versions (these patches were already issued for Slackware). If you
have not upgraded yet, get those as well to prevent a potentially exploitable
security problem in named.

In addition, the default RSA exponent was changed from 3 to 65537.

Both of these issues are essentially the same as ones discovered in OpenSSL at
the end of September 2006, only now there's protection against compiling using
the wrong OpenSSL version. RSA keys using exponent 3 (which was previously
BIND's default) will need to be regenerated to protect against the forging of
RRSIGs.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

[link moved to references]


Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/bind-9.3.2_P2-i486-1_slack11.0.tgz:
Upgraded to bind-9.3.2-P2. This fixes some security issues related to
previous fixes in OpenSSL. The minimum OpenSSL version was raised to
OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
in older versions (these patches were already issued for Slackware). If you
have not upgraded yet, get those as well to prevent a potentially exploitable
security problem in named. In addition, the default RSA exponent was changed
from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's
default) will need to be regenerated to protect against the forging
of RRSIGs.
For more information, see:
[link moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'bind' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware 11.0.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4339
1000148
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1
1016791
http://securitytracker.com/id?1016791
1017522
http://securitytracker.com/id?1017522
102648
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
102656
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1
102657
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
102686
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1
102696
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1
102722
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1
102744
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1
102759
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1
19849
http://www.securityfocus.com/bid/19849
20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
20060905 rPSA-2006-0163-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/445231/100/0/threaded
20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
http://www.securityfocus.com/archive/1/445822/100/0/threaded
20061108 Multiple Vulnerabilities in OpenSSL Library
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html
20061108 Multiple Vulnerabilities in OpenSSL library
http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
20070110 VMware ESX server security updates
http://www.securityfocus.com/archive/1/456546/100/200/threaded
200708
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1
20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://www.securityfocus.com/archive/1/489739/100/0/threaded
201247
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1
201534
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1
21709
http://secunia.com/advisories/21709
21767
http://secunia.com/advisories/21767
21776
http://secunia.com/advisories/21776
21778
http://secunia.com/advisories/21778
21785
http://secunia.com/advisories/21785
21791
http://secunia.com/advisories/21791
21812
http://secunia.com/advisories/21812
21823
http://secunia.com/advisories/21823
21846
http://secunia.com/advisories/21846
21852
http://secunia.com/advisories/21852
21870
http://secunia.com/advisories/21870
21873
http://secunia.com/advisories/21873
21906
http://secunia.com/advisories/21906
21927
http://secunia.com/advisories/21927
21930
http://secunia.com/advisories/21930
21982
http://secunia.com/advisories/21982
22036
http://secunia.com/advisories/22036
22044
http://secunia.com/advisories/22044
22066
http://secunia.com/advisories/22066
22083
http://www.securityfocus.com/bid/22083
22161
http://secunia.com/advisories/22161
22226
http://secunia.com/advisories/22226
22232
http://secunia.com/advisories/22232
22259
http://secunia.com/advisories/22259
22260
http://secunia.com/advisories/22260
22284
http://secunia.com/advisories/22284
22325
http://secunia.com/advisories/22325
22446
http://secunia.com/advisories/22446
22509
http://secunia.com/advisories/22509
22513
http://secunia.com/advisories/22513
22523
http://secunia.com/advisories/22523
22545
http://secunia.com/advisories/22545
22585
http://secunia.com/advisories/22585
22671
http://secunia.com/advisories/22671
22689
http://secunia.com/advisories/22689
22711
http://secunia.com/advisories/22711
22733
http://secunia.com/advisories/22733
22758
http://secunia.com/advisories/22758
22799
http://secunia.com/advisories/22799
22932
http://secunia.com/advisories/22932
22934
http://secunia.com/advisories/22934
22936
http://secunia.com/advisories/22936
22937
http://secunia.com/advisories/22937
22938
http://secunia.com/advisories/22938
22939
http://secunia.com/advisories/22939
22940
http://secunia.com/advisories/22940
22948
http://secunia.com/advisories/22948
22949
http://secunia.com/advisories/22949
23155
http://secunia.com/advisories/23155
23455
http://secunia.com/advisories/23455
23680
http://secunia.com/advisories/23680
23794
http://secunia.com/advisories/23794
23841
http://secunia.com/advisories/23841
23915
http://secunia.com/advisories/23915
24099
http://secunia.com/advisories/24099
24930
http://secunia.com/advisories/24930
24950
http://secunia.com/advisories/24950
25284
http://secunia.com/advisories/25284
25399
http://secunia.com/advisories/25399
25649
http://secunia.com/advisories/25649
26329
http://secunia.com/advisories/26329
26893
http://secunia.com/advisories/26893
28115
http://secunia.com/advisories/28115
28276
http://www.securityfocus.com/bid/28276
28549
http://www.osvdb.org/28549
31492
http://secunia.com/advisories/31492
38567
http://secunia.com/advisories/38567
38568
http://secunia.com/advisories/38568
41818
http://secunia.com/advisories/41818
60799
http://secunia.com/advisories/60799
ADV-2006-3453
http://www.vupen.com/english/advisories/2006/3453
ADV-2006-3566
http://www.vupen.com/english/advisories/2006/3566
ADV-2006-3730
http://www.vupen.com/english/advisories/2006/3730
ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3748
ADV-2006-3793
http://www.vupen.com/english/advisories/2006/3793
ADV-2006-3899
http://www.vupen.com/english/advisories/2006/3899
ADV-2006-3936
http://www.vupen.com/english/advisories/2006/3936
ADV-2006-4205
http://www.vupen.com/english/advisories/2006/4205
ADV-2006-4206
http://www.vupen.com/english/advisories/2006/4206
ADV-2006-4207
http://www.vupen.com/english/advisories/2006/4207
ADV-2006-4216
http://www.vupen.com/english/advisories/2006/4216
ADV-2006-4327
http://www.vupen.com/english/advisories/2006/4327
ADV-2006-4329
http://www.vupen.com/english/advisories/2006/4329
ADV-2006-4366
http://www.vupen.com/english/advisories/2006/4366
ADV-2006-4417
http://www.vupen.com/english/advisories/2006/4417
ADV-2006-4586
http://www.vupen.com/english/advisories/2006/4586
ADV-2006-4744
http://www.vupen.com/english/advisories/2006/4744
ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4750
ADV-2006-5146
http://www.vupen.com/english/advisories/2006/5146
ADV-2007-0254
http://www.vupen.com/english/advisories/2007/0254
ADV-2007-0343
http://www.vupen.com/english/advisories/2007/0343
ADV-2007-1401
http://www.vupen.com/english/advisories/2007/1401
ADV-2007-1815
http://www.vupen.com/english/advisories/2007/1815
ADV-2007-1945
http://www.vupen.com/english/advisories/2007/1945
ADV-2007-2163
http://www.vupen.com/english/advisories/2007/2163
ADV-2007-2315
http://www.vupen.com/english/advisories/2007/2315
ADV-2007-2783
http://www.vupen.com/english/advisories/2007/2783
ADV-2007-4224
http://www.vupen.com/english/advisories/2007/4224
ADV-2008-0905
http://www.vupen.com/english/advisories/2008/0905/references
ADV-2010-0366
http://www.vupen.com/english/advisories/2010/0366
APPLE-SA-2006-11-28
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
APPLE-SA-2007-12-14
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
BEA07-169.00
http://dev2dev.bea.com/pub/advisory/238
DSA-1173
http://www.us.debian.org/security/2006/dsa-1173
DSA-1174
http://www.debian.org/security/2006/dsa-1174
FreeBSD-SA-06:19
http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc
GLSA-200609-05
http://security.gentoo.org/glsa/glsa-200609-05.xml
GLSA-200609-18
http://security.gentoo.org/glsa/glsa-200609-18.xml
GLSA-200610-06
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
GLSA-201408-19
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
HPSBMA02250
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771
HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPSBTU02207
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HPSBUX02165
http://www.securityfocus.com/archive/1/450327/100/0/threaded
HPSBUX02186
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
HPSBUX02219
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495
JVN#51615542
http://jvn.jp/en/jp/JVN51615542/index.html
JVNDB-2012-000079
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html
MDKSA-2006:161
http://www.mandriva.com/security/advisories?name=MDKSA-2006:161
MDKSA-2006:177
http://www.mandriva.com/security/advisories?name=MDKSA-2006:177
MDKSA-2006:178
http://www.mandriva.com/security/advisories?name=MDKSA-2006:178
MDKSA-2006:207
http://www.mandriva.com/security/advisories?name=MDKSA-2006:207
OpenPKG-SA-2006.018
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html
OpenPKG-SA-2006.029
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html
RHSA-2006:0661
http://www.redhat.com/support/errata/RHSA-2006-0661.html
RHSA-2007:0062
http://www.redhat.com/support/errata/RHSA-2007-0062.html
RHSA-2007:0072
http://www.redhat.com/support/errata/RHSA-2007-0072.html
RHSA-2007:0073
http://www.redhat.com/support/errata/RHSA-2007-0073.html
RHSA-2008:0629
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SSA:2006-257-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306
SSA:2006-310-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955
SSRT061181
SSRT061213
SSRT061239
SSRT061266
SSRT061273
SSRT061275
SSRT071299
SSRT071304
SSRT090208
SUSE-SA:2006:055
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
SUSE-SA:2006:061
http://www.novell.com/linux/security/advisories/2006_61_opera.html
SUSE-SA:2007:010
http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
SUSE-SR:2006:026
http://www.novell.com/linux/security/advisories/2006_26_sr.html
TA06-333A
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
USN-339-1
http://www.ubuntu.com/usn/usn-339-1
VU#845620
http://www.kb.cert.org/vuls/id/845620
[3.9] 20060908 011: SECURITY FIX: September 8, 2006
http://www.openbsd.org/errata.html
[bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised]
http://marc.info/?l=bind-announce&m=116253119512445&w=2
[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
http://lists.vmware.com/pipermail/security-announce/2008/000008.html
http://docs.info.apple.com/article.html?artnum=304829
http://docs.info.apple.com/article.html?artnum=307177
http://openvpn.net/changelog.html
http://support.attachmate.com/techdocs/2127.html
http://support.attachmate.com/techdocs/2128.html
http://support.attachmate.com/techdocs/2137.html
http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm
http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf
http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openssl.org/news/secadv_20060905.txt
http://www.opera.com/support/search/supsearch.dml?index=845
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.serv-u.com/releasenotes/
http://www.sybase.com/detail?id=1047991
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/player/doc/releasenotes_player.html
http://www.vmware.com/support/player2/doc/releasenotes_player2.html
http://www.vmware.com/support/server/doc/releasenotes_server.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
https://issues.rpath.com/browse/RPL-1633
https://issues.rpath.com/browse/RPL-616
https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html
openssl-rsa-security-bypass(28755)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28755
oval:org.mitre.oval:def:11656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656
Copyright: Copyright (C) 2012 Greenbone AG
