Test Kennung:	1.3.6.1.4.1.25623.1.0.880687
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for bind CESA-2009:1620 centos5 i386
Zusammenfassung:	The remote host is missing an update for the 'bind'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the referenced advisory. Vulnerability Insight: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically. Affected Software/OS: bind on CentOS 5 Solution: Please install the updated packages. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4022 AIX APAR: IZ68597 http://www.ibm.com/support/docview.wss?uid=isg1IZ68597 AIX APAR: IZ71667 http://www.ibm.com/support/docview.wss?uid=isg1IZ71667 AIX APAR: IZ71774 http://www.ibm.com/support/docview.wss?uid=isg1IZ71774 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html BugTraq ID: 37118 http://www.securityfocus.com/bid/37118 CERT/CC vulnerability note: VU#418861 http://www.kb.cert.org/vuls/id/418861 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01172.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01188.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:304 http://www.openwall.com/lists/oss-security/2009/11/24/2 http://www.openwall.com/lists/oss-security/2009/11/24/8 http://www.openwall.com/lists/oss-security/2009/11/24/1 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://osvdb.org/60493 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11745 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7459 http://www.redhat.com/support/errata/RHSA-2009-1620.html http://secunia.com/advisories/37426 http://secunia.com/advisories/37491 http://secunia.com/advisories/38219 http://secunia.com/advisories/38240 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://secunia.com/advisories/39334 http://secunia.com/advisories/40730 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021660.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1 http://www.ubuntu.com/usn/USN-888-1 http://www.vupen.com/english/advisories/2009/3335 http://www.vupen.com/english/advisories/2010/0176 http://www.vupen.com/english/advisories/2010/0528 http://www.vupen.com/english/advisories/2010/0622 XForce ISS Database: bind-dnssec-cache-poisoning(54416) https://exchange.xforce.ibmcloud.com/vulnerabilities/54416
Copyright	Copyright (c) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.