Test Kennung:	1.3.6.1.4.1.25623.1.0.880895
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for bind CESA-2009:0020 centos4 i386
Zusammenfassung:	The remote host is missing an update for the 'bind'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the referenced advisory. Vulnerability Insight: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically. Affected Software/OS: bind on CentOS 4 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0025 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses http://www.securityfocus.com/archive/1/499827/100/0/threaded 20090120 rPSA-2009-0009-1 bind bind-utils http://www.securityfocus.com/archive/1/500207/100/0/threaded 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim http://www.securityfocus.com/archive/1/502322/100/0/threaded 250846 http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1 33151 http://www.securityfocus.com/bid/33151 33494 http://secunia.com/advisories/33494 33546 http://secunia.com/advisories/33546 33551 http://secunia.com/advisories/33551 33559 http://secunia.com/advisories/33559 33683 http://secunia.com/advisories/33683 33882 http://secunia.com/advisories/33882 35074 http://secunia.com/advisories/35074 ADV-2009-0043 http://www.vupen.com/english/advisories/2009/0043 ADV-2009-0366 http://www.vupen.com/english/advisories/2009/0366 ADV-2009-0904 http://www.vupen.com/english/advisories/2009/0904 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html FEDORA-2009-0350 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html FreeBSD-SA-09:04 http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc HPSBOV03226 http://marc.info/?l=bugtraq&m=141879471518471&w=2 SSA:2009-014-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 SSRT101004 TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://support.apple.com/kb/HT3549 http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm http://wiki.rpath.com/Advisories:rPSA-2009-0009 http://www.ocert.org/advisories/ocert-2008-016.html http://www.openbsd.org/errata44.html#008_bind http://www.vmware.com/security/advisories/VMSA-2009-0004.html https://issues.rpath.com/browse/RPL-2938 https://www.isc.org/software/bind/advisories/cve-2009-0025 oval:org.mitre.oval:def:10879 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879 oval:org.mitre.oval:def:5569 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569
Copyright	Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.