Login
Newsletter
Werbung
Sicherheit: DNS Poisoning in bind
Aktuelle Meldungen Distributionen
Name: DNS Poisoning in bind
ID: MDKSA-2007:149
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1
Datum: Do, 26. Juli 2007, 00:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
http://www.isc.org/index.pl?/sw/bind/bind-security.php
Applikationen: BIND

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1185403676-7034-160


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:149
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bind
 Date    : December 31, 1969
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The DNS query id generation code in BIND9 is vulnerable to
 cryptographic analysis which provides a 1-in-8 change of guessing the
 next query ID for 50% of the query IDs, which could be used by a remote
 attacker to perform cache poisoning by an attacker (CVE-2007-2926).
 
 As well, in BIND9 9.4.x, the default ACLs were note being correctly
 set, which could allow anyone to make recursive queries and/or query
 the cache contents (CVE-2007-2925).
 
 This update provides packages which are patched to prevent these
 issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
 http://www.isc.org/index.pl?/sw/bind/bind-security.php
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 2ebbd9a8148b7b4f05d255724627e348  2007.0/i586/bind-9.3.2-8.3mdv2007.0.i586.rpm
 386aa2bab5b3e23cb0c6f19bc17b0cd5 
 2007.0/i586/bind-devel-9.3.2-8.3mdv2007.0.i586.rpm
 d8e4b592f2d0fa630e32c23c50ab2565 
 2007.0/i586/bind-utils-9.3.2-8.3mdv2007.0.i586.rpm 
 557c41948b1ff0e4f329e2592c0dcb9f  2007.0/SRPMS/bind-9.3.2-8.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 7fe09bf456f8a4d83ee7e4caad08b791 
 2007.0/x86_64/bind-9.3.2-8.3mdv2007.0.x86_64.rpm
 e5d4a371c47e6a6f6567c454766ea734 
 2007.0/x86_64/bind-devel-9.3.2-8.3mdv2007.0.x86_64.rpm
 5a41c963b1e5fab7515856f14ec4c3c4 
 2007.0/x86_64/bind-utils-9.3.2-8.3mdv2007.0.x86_64.rpm 
 557c41948b1ff0e4f329e2592c0dcb9f  2007.0/SRPMS/bind-9.3.2-8.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 c5edcec0bc385a1a2c717963b0f15dc0  2007.1/i586/bind-9.4.1-0.2mdv2007.1.i586.rpm
 9c579fed148a85a852b73828613cafde 
 2007.1/i586/bind-devel-9.4.1-0.2mdv2007.1.i586.rpm
 9a761cb0c7128b83522934b2d9cc2dfc 
 2007.1/i586/bind-utils-9.4.1-0.2mdv2007.1.i586.rpm 
 af14ae7948a33b1bf21d9bcafbf0e98e  2007.1/SRPMS/bind-9.4.1-0.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 7a612949e7810f83e1322a574be9500c 
 2007.1/x86_64/bind-9.4.1-0.2mdv2007.1.x86_64.rpm
 ece5e802b3d5928999c34b1f9c95dfc8 
 2007.1/x86_64/bind-devel-9.4.1-0.2mdv2007.1.x86_64.rpm
 b3ccec62bfc5d07b9858f04ce8de8fd1 
 2007.1/x86_64/bind-utils-9.4.1-0.2mdv2007.1.x86_64.rpm 
 af14ae7948a33b1bf21d9bcafbf0e98e  2007.1/SRPMS/bind-9.4.1-0.2mdv2007.1.src.rpm

 Corporate 3.0:
 d0dae82e4a5f3e1e4c13c8886daa7e7b 
 corporate/3.0/i586/bind-9.2.3-6.4.C30mdk.i586.rpm
 237a8a3b0d0f3407a93a7f308eb7ac06 
 corporate/3.0/i586/bind-devel-9.2.3-6.4.C30mdk.i586.rpm
 abcf17e76c7cdf8ec8e6bbef2adfd79c 
 corporate/3.0/i586/bind-utils-9.2.3-6.4.C30mdk.i586.rpm 
 bf83bec867df0283d4977e50b8a51a09 
 corporate/3.0/SRPMS/bind-9.2.3-6.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1394468eeb12fb9c2c52147eb1637a83 
 corporate/3.0/x86_64/bind-9.2.3-6.4.C30mdk.x86_64.rpm
 cd488003e8eb7174aa844896ace756f2 
 corporate/3.0/x86_64/bind-devel-9.2.3-6.4.C30mdk.x86_64.rpm
 f2fb153097f51bc2e99e31051b8b83cb 
 corporate/3.0/x86_64/bind-utils-9.2.3-6.4.C30mdk.x86_64.rpm 
 bf83bec867df0283d4977e50b8a51a09 
 corporate/3.0/SRPMS/bind-9.2.3-6.4.C30mdk.src.rpm

 Corporate 4.0:
 324fe3327eada40144bf44b4a31ba869 
 corporate/4.0/i586/bind-9.3.2-7.3.20060mlcs4.i586.rpm
 c2f1b22c3edd38f9a8c87d96ca36b271 
 corporate/4.0/i586/bind-devel-9.3.2-7.3.20060mlcs4.i586.rpm
 6f1cc8352c44a5ecf3affaf86981d505 
 corporate/4.0/i586/bind-utils-9.3.2-7.3.20060mlcs4.i586.rpm 
 e36c4caca840fb114238bffa3875e8a5 
 corporate/4.0/SRPMS/bind-9.3.2-7.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c7a8dfd717b9a09d8dc41a3cb965dc5b 
 corporate/4.0/x86_64/bind-9.3.2-7.3.20060mlcs4.x86_64.rpm
 138e7372d556d5d9e4752fd8b0f2a51f 
 corporate/4.0/x86_64/bind-devel-9.3.2-7.3.20060mlcs4.x86_64.rpm
 bea2637f03f65bb5348518be66829d73 
 corporate/4.0/x86_64/bind-utils-9.3.2-7.3.20060mlcs4.x86_64.rpm 
 e36c4caca840fb114238bffa3875e8a5 
 corporate/4.0/SRPMS/bind-9.3.2-7.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 518dcd7390cbb5e05d2303ca1743c793  mnf/2.0/i586/bind-9.2.3-6.4.M20mdk.i586.rpm
 22b28fe7739525ac2fe596a522473c32 
 mnf/2.0/i586/bind-devel-9.2.3-6.4.M20mdk.i586.rpm
 a6cb4e78f4f0f59a173ac58abd50011c 
 mnf/2.0/i586/bind-utils-9.2.3-6.4.M20mdk.i586.rpm 
 00a33a7531bbf5bad6d74bb9f3978a78  mnf/2.0/SRPMS/bind-9.2.3-6.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGp5JimqjQ0CJFipgRAqD6AJ9OTBYJpKC/KgUUCTznXm0MpPuWTQCfcVP9
ZQO+2o8wd82rf9m4/arm09M=
=vTH7
-----END PGP SIGNATURE-----


------------=_1185403676-7034-160
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1185403676-7034-160--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung