Test ID:	1.3.6.1.4.1.25623.1.0.63400
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:037 (bind)
Summary:	The remote host is missing an update to bind;announced via advisory MDVSA-2009:037.
Description:	Summary: The remote host is missing an update to bind announced via advisory MDVSA-2009:037. Vulnerability Insight: Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002, this update does however address the RSA_verify function (CVE-2009-0265). Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5077 1021523 http://www.securitytracker.com/id?1021523 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses http://www.securityfocus.com/archive/1/499827/100/0/threaded 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim http://www.securityfocus.com/archive/1/502322/100/0/threaded 250826 http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1 33150 http://www.securityfocus.com/bid/33150 33338 http://secunia.com/advisories/33338 33394 http://secunia.com/advisories/33394 33436 http://secunia.com/advisories/33436 33557 http://secunia.com/advisories/33557 33673 http://secunia.com/advisories/33673 33765 http://secunia.com/advisories/33765 34211 http://secunia.com/advisories/34211 35074 http://secunia.com/advisories/35074 35108 http://secunia.com/advisories/35108 39005 http://secunia.com/advisories/39005 ADV-2009-0040 http://www.vupen.com/english/advisories/2009/0040 ADV-2009-0289 http://www.vupen.com/english/advisories/2009/0289 ADV-2009-0362 http://www.vupen.com/english/advisories/2009/0362 ADV-2009-0558 http://www.vupen.com/english/advisories/2009/0558 ADV-2009-0904 http://www.vupen.com/english/advisories/2009/0904 ADV-2009-0913 http://www.vupen.com/english/advisories/2009/0913 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2009-1338 http://www.vupen.com/english/advisories/2009/1338 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html GLSA-200902-02 http://security.gentoo.org/glsa/glsa-200902-02.xml HPSBMA02426 http://marc.info/?l=bugtraq&m=124277349419254&w=2 HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPSBUX02418 http://marc.info/?l=bugtraq&m=123859864430555&w=2 RHSA-2009:0004 http://www.redhat.com/support/errata/RHSA-2009-0004.html SSA:2009-014-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796 SSRT090002 SSRT090053 SUSE-SU-2011:0847 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html USN-704-1 https://usn.ubuntu.com/704-1/ http://support.apple.com/kb/HT3549 http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653 http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html http://www.ocert.org/advisories/ocert-2008-016.html http://www.openssl.org/news/secadv_20090107.txt http://www.vmware.com/security/advisories/VMSA-2009-0004.html openSUSE-SU-2011:0845 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html oval:org.mitre.oval:def:6380 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380 oval:org.mitre.oval:def:9155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155 Common Vulnerability Exposure (CVE) ID: CVE-2009-0025 20090120 rPSA-2009-0009-1 bind bind-utils http://www.securityfocus.com/archive/1/500207/100/0/threaded 250846 http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1 33151 http://www.securityfocus.com/bid/33151 33494 http://secunia.com/advisories/33494 33546 http://secunia.com/advisories/33546 33551 http://secunia.com/advisories/33551 33559 http://secunia.com/advisories/33559 33683 http://secunia.com/advisories/33683 33882 http://secunia.com/advisories/33882 ADV-2009-0043 http://www.vupen.com/english/advisories/2009/0043 ADV-2009-0366 http://www.vupen.com/english/advisories/2009/0366 FEDORA-2009-0350 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html FreeBSD-SA-09:04 http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc HPSBOV03226 http://marc.info/?l=bugtraq&m=141879471518471&w=2 SSA:2009-014-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 SSRT101004 http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm http://wiki.rpath.com/Advisories:rPSA-2009-0009 http://www.openbsd.org/errata44.html#008_bind https://issues.rpath.com/browse/RPL-2938 https://www.isc.org/software/bind/advisories/cve-2009-0025 oval:org.mitre.oval:def:10879 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879 oval:org.mitre.oval:def:5569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569 Common Vulnerability Exposure (CVE) ID: CVE-2009-0265 http://www.mandriva.com/security/advisories?name=MDVSA-2009:037
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.