Test Kennung:	1.3.6.1.4.1.25623.1.0.63243
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Security Advisory (FreeBSD-SA-09:04.bind.asc)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:04.bind.asc BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. DNS Security Extensions (DNSSEC) are additional protocol options that add authentication as part of responses to DNS queries. FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The DSA_do_verify() function from OpenSSL is used to determine if a DSA digital signature is valid. When DNSSEC is used within BIND it uses DSA_do_verify() to verify DSA signatures, but checks the function return value incorrectly. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date http://www.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:04.bind.asc CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0025 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 33151 http://www.securityfocus.com/bid/33151 Bugtraq: 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses (Google Search) http://www.securityfocus.com/archive/1/499827/100/0/threaded Bugtraq: 20090120 rPSA-2009-0009-1 bind bind-utils (Google Search) http://www.securityfocus.com/archive/1/500207/100/0/threaded Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search) http://www.securityfocus.com/archive/1/502322/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html FreeBSD Security Advisory: FreeBSD-SA-09:04 http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc HPdes Security Advisory: HPSBOV03226 http://marc.info/?l=bugtraq&m=141879471518471&w=2 HPdes Security Advisory: SSRT101004 http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://www.ocert.org/advisories/ocert-2008-016.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569 http://secunia.com/advisories/33494 http://secunia.com/advisories/33546 http://secunia.com/advisories/33551 http://secunia.com/advisories/33559 http://secunia.com/advisories/33683 http://secunia.com/advisories/33882 http://secunia.com/advisories/35074 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1 http://www.vupen.com/english/advisories/2009/0043 http://www.vupen.com/english/advisories/2009/0366 http://www.vupen.com/english/advisories/2009/0904 http://www.vupen.com/english/advisories/2009/1297
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.