English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67539
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-2054-1)
Summary:The remote host is missing an update for the Debian 'bind9' package(s) announced via the DSA-2054-1 advisory.;; This VT has been deprecated and merged into the VT 'deb_2054.nasl' (OID: 1.3.6.1.4.1.25623.1.0.67539).
Description:Summary:
The remote host is missing an update for the Debian 'bind9' package(s) announced via the DSA-2054-1 advisory.

This VT has been deprecated and merged into the VT 'deb_2054.nasl' (OID: 1.3.6.1.4.1.25623.1.0.67539).

Vulnerability Insight:
Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.

The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-0097

BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

CVE-2010-0290

When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.

CVE-2010-0382

When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.

In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the 'roll over and die' phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root (RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence algorithm used by some signed top-level domains.

This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using 'apt-get dist-upgrade' (or an equivalent aptitude command).

For the stable distribution (lenny), these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny1.

For the unstable distribution (sid), these problems have been fixed in version 1:9.7.0.dfsg-1.

We recommend that you upgrade your bind9 packages.

Affected Software/OS:
'bind9' package(s) on Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0097
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 37865
http://www.securityfocus.com/bid/37865
CERT/CC vulnerability note: VU#360341
http://www.kb.cert.org/vuls/id/360341
Debian Security Information: DSA-2054 (Google Search)
http://www.debian.org/security/2010/dsa-2054
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html
HPdes Security Advisory: HPSBUX02519
http://marc.info/?l=bugtraq&m=127195582210247&w=2
HPdes Security Advisory: SSRT100004
http://www.mandriva.com/security/advisories?name=MDVSA-2010:021
http://www.osvdb.org/61853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357
RedHat Security Advisories: RHSA-2010:0062
https://rhn.redhat.com/errata/RHSA-2010-0062.html
RedHat Security Advisories: RHSA-2010:0095
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://securitytracker.com/id?1023474
http://secunia.com/advisories/38169
http://secunia.com/advisories/38219
http://secunia.com/advisories/38240
http://secunia.com/advisories/39334
http://secunia.com/advisories/39582
http://secunia.com/advisories/40086
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
SuSE Security Announcement: SUSE-SA:2010:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://www.ubuntu.com/usn/USN-888-1
http://www.vupen.com/english/advisories/2010/0176
http://www.vupen.com/english/advisories/2010/0622
http://www.vupen.com/english/advisories/2010/0981
http://www.vupen.com/english/advisories/2010/1352
XForce ISS Database: bind-dnssecnsec-cache-poisoning(55753)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55753
Common Vulnerability Exposure (CVE) ID: CVE-2010-0290
38219
38240
40086
ADV-2010-0176
ADV-2010-0622
ADV-2010-1352
DSA-2054
MDVSA-2010:021
RHSA-2010:0062
SUSE-SA:2010:008
USN-888-1
[oss-security] 20100119 BIND CVE-2009-4022 fix incomplete
http://marc.info/?l=oss-security&m=126393609503704&w=2
[oss-security] 20100120 Re: BIND CVE-2009-4022 fix incomplete
http://marc.info/?l=oss-security&m=126399602810086&w=2
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
https://bugzilla.redhat.com/show_bug.cgi?id=554851
https://bugzilla.redhat.com/show_bug.cgi?id=557121
https://www.isc.org/advisories/CVE-2009-4022v6
oval:org.mitre.oval:def:6815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6815
oval:org.mitre.oval:def:7512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7512
oval:org.mitre.oval:def:8884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8884
Common Vulnerability Exposure (CVE) ID: CVE-2010-0382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11753
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6665
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7086
CopyrightCopyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.