Network Security Audits / Vulnerability Assessments by SecuritySpace

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2010-5
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 09 Feb 2010
Last revised: 09 Feb 2010

Package: bind

Summary: DNSSEC check vulnerabilities

More information:
    Bind includes the named name server, which resolves host names to IP
    addresses (and vice versa), and a resolver library (a set of routines
    in a system library that provide the interface for programs to use when
    accessing domain name services).

    ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2,
    9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1)
    NSEC and (2) NSEC3 records, which allows remote attackers to add the
    Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. (CVE-2010-0097)

    Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5,
    9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation
    enabled and checking disabled (CD), allows remote attackers to conduct
    DNS cache poisoning attacks by receiving a recursive client query and
    sending a response that contains (1) CNAME or (2) DNAME records, which do not have
    the intended validation before caching, aka Bug 20737. NOTE: this vulnerability
    exists because of an incomplete fix for CVE-2009-4022. (CVE-2010-0290)

Affected Products:
    - Turbolinux Client 2008
    - Turbolinux Appliance Server 3.0 x64 Edition
    - Turbolinux Appliance Server 3.0
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server

<Turbolinux Client 2008>

   Source Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/bind-9.4.2-8.src.rpm
      6508226 077f7de7067695f46b711c52c18c592e

   Binary Packages
   Size: MD5

   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-devel-9.4.2-8.i586.rpm
      5081880 d433d07d10d56eb85efb1cee0e059809
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-libs-9.4.2-8.i586.rpm
       898899 ac6293d6ff3a19a4ca60873da4439ec6
   http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/bind-utils-9.4.2-8.i586.rpm
       374637 599749b0131a1cf37a34073425c581f3

<Turbolinux Appliance Server 3.0 x64 Edition>

   Source Packages
   Size: MD5

   bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.x86_64.rpm
      1655685 89396133e035faffdad501b329008265
   bind-chroot-9.4.2-8.x86_64.rpm
        14920 9027a31a1584ce4fd2f73da696e59ba8
   bind-libs-9.4.2-8.x86_64.rpm
       927117 2a7b0239d013837cc194c373a9517b11
   bind-sdb-9.4.2-8.x86_64.rpm
       222248 9248061eca6ee98f0cde12a6a46d7f37
   bind-utils-9.4.2-8.x86_64.rpm
       379055 0f709876846969582b6102d4296592b0

<Turbolinux Appliance Server 3.0>

   Source Packages
   Size: MD5

   bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.i686.rpm
      1634552 334c99157657a3281309267549cb27f4
   bind-chroot-9.4.2-8.i686.rpm
        14952 4c83466dc351da7197dc1182d0e6a793
   bind-libs-9.4.2-8.i686.rpm
       831632 39f448cf85b11153f1e52dbeb79327e6
   bind-sdb-9.4.2-8.i686.rpm
       203903 e70a9ed9aa8ee39087aae973777df647
   bind-utils-9.4.2-8.i686.rpm
       352735 d18cc0f5f78fc4a8ff7522a361f146d7

<Turbolinux 11 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.x86_64.rpm
      1655685 89396133e035faffdad501b329008265
   bind-chroot-9.4.2-8.x86_64.rpm
        14920 9027a31a1584ce4fd2f73da696e59ba8
   bind-devel-9.4.2-8.x86_64.rpm
      3221832 b378bd5c2c21fa5b883610fd58d51922
   bind-libs-9.4.2-8.x86_64.rpm
       927117 2a7b0239d013837cc194c373a9517b11
   bind-sdb-9.4.2-8.x86_64.rpm
       222248 9248061eca6ee98f0cde12a6a46d7f37
   bind-utils-9.4.2-8.x86_64.rpm
       379055 0f709876846969582b6102d4296592b0

<Turbolinux 11 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/bind-9.4.2-8.src.rpm
      6523155 94379c79075ef0b125377443a5c15aaf

   Binary Packages
   Size: MD5

   bind-9.4.2-8.i686.rpm
      1634552 334c99157657a3281309267549cb27f4
   bind-chroot-9.4.2-8.i686.rpm
        14952 4c83466dc351da7197dc1182d0e6a793
   bind-devel-9.4.2-8.i686.rpm
      3131555 850b04675b3693f3c40338d9781df51a
   bind-libs-9.4.2-8.i686.rpm
       831632 39f448cf85b11153f1e52dbeb79327e6
   bind-sdb-9.4.2-8.i686.rpm
       203903 e70a9ed9aa8ee39087aae973777df647
   bind-utils-9.4.2-8.i686.rpm
       352735 d18cc0f5f78fc4a8ff7522a361f146d7

References:

CVE
   [CVE-2010-0097]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
   [CVE-2010-0290]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290

--------------------------------------------------------------------------
Revision History
    09 Feb 2010 Initial release
--------------------------------------------------------------------------

Copyright(C) 2010 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAktw9xwACgkQK0LzjOqIJMx9JQCfSuj2OW1p+3q1YRUcJ+GZno+J
WjcAni6iwvOvsoa2j6zeV0QHF1tVur6u
=yqmd
-----END PGP SIGNATURE-----