CentOS Local Security Checks : CentOS: Security Advisory for bind (CESA-2020:2383)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883243

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for bind (CESA-2020:2383)

Resumen: The remote host is missing an update for the 'bind'; package(s) announced via the CESA-2020:2383 advisory.

Descripción: Summary:
The remote host is missing an update for the 'bind'
package(s) announced via the CESA-2020:2383 advisory.

Vulnerability Insight:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named), a resolver
library (routines for applications to use when interfacing with DNS), and
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: BIND does not sufficiently limit the number of fetches performed
when processing referrals (CVE-2020-8616)

* bind: A logic error in code which checks TSIG validity can be used to
trigger an assertion failure in tsig.c (CVE-2020-8617)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'bind' package(s) on CentOS 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-8616
Debian Security Information: DSA-4689 (Google Search)
https://www.debian.org/security/2020/dsa-4689
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/
http://www.nxnsattack.com
https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html
http://www.openwall.com/lists/oss-security/2020/05/19/4
SuSE Security Announcement: openSUSE-SU-2020:1699 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
SuSE Security Announcement: openSUSE-SU-2020:1701 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
https://usn.ubuntu.com/4365-1/
https://usn.ubuntu.com/4365-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-8617
http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883243
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for bind (CESA-2020:2383)
Resumen:	The remote host is missing an update for the 'bind'; package(s) announced via the CESA-2020:2383 advisory.
Descripción:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the CESA-2020:2383 advisory. Vulnerability Insight: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named), a resolver library (routines for applications to use when interfacing with DNS), and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'bind' package(s) on CentOS 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8616 Debian Security Information: DSA-4689 (Google Search) https://www.debian.org/security/2020/dsa-4689 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/ http://www.nxnsattack.com https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html http://www.openwall.com/lists/oss-security/2020/05/19/4 SuSE Security Announcement: openSUSE-SU-2020:1699 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html SuSE Security Announcement: openSUSE-SU-2020:1701 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://usn.ubuntu.com/4365-1/ https://usn.ubuntu.com/4365-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-8617 http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH