Description:
The remote host is missing updates announced in advisory RHSA-2008:0300.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly.
It was discovered that the bind packages created the rndc.key file with insecure file permissions. This allowed any local user to read the content of this file. A local user could use this flaw to control some aspects of the named daemon by using the rndc utility, for example, stopping the named daemon. This problem did not affect systems with the bind-chroot package installed. (CVE-2007-6283)
A buffer overflow flaw was discovered in the inet_network() function, as implemented by libbind. An attacker could use this flaw to crash an application calling this function, with an argument provided from an untrusted source. (CVE-2008-0122)
All users of bind are advised to upgrade to these updated packages.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2008-0300.html
http://www.redhat.com/security/updates/classification/#moderate
Risk factor: Critical
CVSS Score: 10.0