 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.64419 |
| Kategorie: | Debian Local Security Checks |
| Titel: | Debian Security Advisory DSA 1831-1 (djbdns) |
| Zusammenfassung: | NOSUMMARY |
| Beschreibung: | Description: The remote host is missing an update to djbdns announced via advisory DSA 1831-1. Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain Name System server, does not constrain offsets in the required manner, which allows remote attackers with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. The old stable distribution (etch) does not contain djbdns. For the stable distribution (lenny), this problem has been fixed in version 1.05-4+lenny1. For the unstable distribution (sid), this problem has been fixed in version 1.05-5. We recommend that you upgrade your djbdns package. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201831-1 CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-0858 BugTraq ID: 33937 http://www.securityfocus.com/bid/33937 Bugtraq: 20090226 djbdns misformats some long response packets; patch and example attack (Google Search) http://www.securityfocus.com/archive/1/501294/100/0/threaded Bugtraq: 20090305 Re: djbdns misformats some long response packets; patch and example attack (Google Search) http://www.securityfocus.com/archive/1/501340/100/0/threaded http://www.securityfocus.com/archive/1/501479/100/0/threaded Debian Security Information: DSA-1831 (Google Search) http://www.debian.org/security/2009/dsa-1831 http://it.slashdot.org/article.pl?sid=09/03/05/2014249 http://securityandthe.net/2009/03/05/security-issue-in-djbdns-confirmed/ http://marc.info/?l=djbdns&m=123554945710038 http://marc.info/?l=djbdns&m=123613000920446&w=2 http://secunia.com/advisories/35820 XForce ISS Database: djbdns-response-packet-spoofing(49003) https://exchange.xforce.ibmcloud.com/vulnerabilities/49003 |
| Copyright | Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |