Debian Local Security Checks : Debian Security Advisory DSA 2370-1 (unbound)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70689

Categoría: Debian Local Security Checks

Título: Debian Security Advisory DSA 2370-1 (unbound)

Resumen: The remote host is missing an update to unbound;announced via advisory DSA 2370-1.

Descripción: Summary:
The remote host is missing an update to unbound
announced via advisory DSA 2370-1.

Vulnerability Insight:
It was discovered that Unbound, a recursive DNS resolver, would crash
when processing certain malformed DNS responses from authoritative DNS
servers, leading to denial of service.

CVE-2011-4528
Unbound attempts to free unallocated memory during processing
of duplicate CNAME records in a signed zone.

CVE-2011-4869
Unbound does not properly process malformed responses which
lack expected NSEC3 records.

For the oldstable distribution (lenny), these problems have been fixed in
version 1.4.6-1~
lenny2.

For the stable distribution (squeeze), these problems have been fixed in
version 1.4.6-1+squeeze2.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 1.4.14-1.

Solution:
We recommend that you upgrade your unbound packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4528
CERT/CC vulnerability note: VU#209659
http://www.kb.cert.org/vuls/id/209659
Debian Security Information: DSA-2370 (Google Search)
http://www.debian.org/security/2011/dsa-2370
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071535.html
http://osvdb.org/77909
http://secunia.com/advisories/47326
Common Vulnerability Exposure (CVE) ID: CVE-2011-4869
http://osvdb.org/77910
XForce ISS Database: unbound-nsec3-dos(71868)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71868

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70689
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 2370-1 (unbound)
Resumen:	The remote host is missing an update to unbound;announced via advisory DSA 2370-1.
Descripción:	Summary: The remote host is missing an update to unbound announced via advisory DSA 2370-1. Vulnerability Insight: It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service. CVE-2011-4528 Unbound attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone. CVE-2011-4869 Unbound does not properly process malformed responses which lack expected NSEC3 records. For the oldstable distribution (lenny), these problems have been fixed in version 1.4.6-1~ lenny2. For the stable distribution (squeeze), these problems have been fixed in version 1.4.6-1+squeeze2. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.4.14-1. Solution: We recommend that you upgrade your unbound packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4528 CERT/CC vulnerability note: VU#209659 http://www.kb.cert.org/vuls/id/209659 Debian Security Information: DSA-2370 (Google Search) http://www.debian.org/security/2011/dsa-2370 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071535.html http://osvdb.org/77909 http://secunia.com/advisories/47326 Common Vulnerability Exposure (CVE) ID: CVE-2011-4869 http://osvdb.org/77910 XForce ISS Database: unbound-nsec3-dos(71868) https://exchange.xforce.ibmcloud.com/vulnerabilities/71868
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com