CentOS Local Security Checks : CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881456

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6

Zusammenfassung: The remote host is missing an update for the 'bind-dyndb-ldap'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'bind-dyndb-ldap'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap performed the escaping of names
from DNS requests for use in LDAP queries. A remote attacker able to send
DNS queries to a named server that is configured to use bind-dyndb-ldap
could use this flaw to cause named to exit unexpectedly with an assertion
failure. (CVE-2012-3429)

Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this
issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.

Affected Software/OS:
bind-dyndb-ldap on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-3429
1027341
http://www.securitytracker.com/id?1027341
50086
http://secunia.com/advisories/50086
50159
http://secunia.com/advisories/50159
54787
http://www.securityfocus.com/bid/54787
RHSA-2012:1139
http://rhn.redhat.com/errata/RHSA-2012-1139.html
[oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429
http://www.openwall.com/lists/oss-security/2012/08/02/5
binddyndbldap-dnstoldapdnescape-dos(77391)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77391
http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006
https://bugzilla.redhat.com/show_bug.cgi?id=842466

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881456
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for bind-dyndb-ldap CESA-2012:1139 centos6
Zusammenfassung:	The remote host is missing an update for the 'bind-dyndb-ldap'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'bind-dyndb-ldap' package(s) announced via the referenced advisory. Vulnerability Insight: The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure. (CVE-2012-3429) Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this issue. All bind-dyndb-ldap users should upgrade to this updated package, which contains a backported patch to correct this issue. For the update to take effect, the named service must be restarted. Affected Software/OS: bind-dyndb-ldap on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3429 1027341 http://www.securitytracker.com/id?1027341 50086 http://secunia.com/advisories/50086 50159 http://secunia.com/advisories/50159 54787 http://www.securityfocus.com/bid/54787 RHSA-2012:1139 http://rhn.redhat.com/errata/RHSA-2012-1139.html [oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429 http://www.openwall.com/lists/oss-security/2012/08/02/5 binddyndbldap-dnstoldapdnescape-dos(77391) https://exchange.xforce.ibmcloud.com/vulnerabilities/77391 http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006 https://bugzilla.redhat.com/show_bug.cgi?id=842466
Copyright	Copyright (C) 2012 Greenbone AG