English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 72151 CVE descriptions
and 38907 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63243
Category:FreeBSD Local Security Checks
Title:FreeBSD Security Advisory (FreeBSD-SA-09:04.bind.asc)
Summary:FreeBSD Security Advisory (FreeBSD-SA-09:04.bind.asc)
Description:The remote host is missing an update to the system
as announced in the referenced advisory FreeBSD-SA-09:04.bind.asc

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. DNS Security
Extensions (DNSSEC) are additional protocol options that add
authentication as part of responses to DNS queries.

FreeBSD includes software from the OpenSSL Project. The OpenSSL
Project is a collaborative effort to develop a robust,
commercial-grade, full-featured Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.

The DSA_do_verify() function from OpenSSL is used to determine if a
DSA digital signature is valid. When DNSSEC is used within BIND it
uses DSA_do_verify() to verify DSA signatures, but checks the function
return value incorrectly.

Solution:
Upgrade your system to the appropriate stable release
or security branch dated after the correction date

http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:04.bind.asc
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0025
Bugtraq: 20090120 rPSA-2009-0009-1 bind bind-utils (Google Search)
http://www.securityfocus.com/archive/1/archive/1/500207/100/0/threaded
Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded
Bugtraq: 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses (Google Search)
http://www.securityfocus.com/archive/1/archive/1/499827/100/0/threaded
http://www.ocert.org/advisories/ocert-2008-016.html
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html
FreeBSD Security Advisory: FreeBSD-SA-09:04
http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362
http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 33151
http://www.securityfocus.com/bid/33151
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10879
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5569
http://secunia.com/advisories/35074
http://www.vupen.com/english/advisories/2009/0043
http://www.vupen.com/english/advisories/2009/0366
http://secunia.com/advisories/33559
http://secunia.com/advisories/33683
http://secunia.com/advisories/33494
http://secunia.com/advisories/33546
http://secunia.com/advisories/33551
http://secunia.com/advisories/33882
http://www.vupen.com/english/advisories/2009/0904
http://www.vupen.com/english/advisories/2009/1297
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.