Executive Summary
| Summary | |
|---|---|
| Title | New bind9 packages fix cache poisoning |
| Informations | |||
|---|---|---|---|
| Name | DSA-2054 | First vendor Publication | 2010-06-04 |
| Vendor | Debian | Last vendor Modification | 2010-06-15 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.6 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This update restores the PID file location for bind to the location before the last security update. For reference, here is the original advisory text that explains the security problems fixed: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root (RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade" (or an equivalent aptitude command). For the stable distribution (lenny), these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny2. The unstable distribution is not affected by the wrong PID file location. We recommend that you upgrade your bind9 packages. |
Original Source
| Url : http://www.debian.org/security/2010/dsa-2054 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11753 | |||
| Oval ID: | oval:org.mitre.oval:def:11753 | ||
| Title: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11783 | |||
| Oval ID: | oval:org.mitre.oval:def:11783 | ||
| Title: | DSA-2054 bind9 -- DNS cache poisoning | ||
| Description: | Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root , and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2054 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bind9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12205 | |||
| Oval ID: | oval:org.mitre.oval:def:12205 | ||
| Title: | HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses. | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13115 | |||
| Oval ID: | oval:org.mitre.oval:def:13115 | ||
| Title: | DSA-2054-2 bind9 -- DNS cache poisoning | ||
| Description: | This update restores the PID file location for bind to the location before the last security update. For reference, here is the original advisory text that explains the security problems fixed: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny2. The unstable distribution is not affected by the wrong PID file location. We recommend that you upgrade your bind9 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2054-2 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bind9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13187 | |||
| Oval ID: | oval:org.mitre.oval:def:13187 | ||
| Title: | DSA-2054-1 bind9 -- DNS cache poisoning | ||
| Description: | Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root, and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade". For the stable distribution, these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny1. For the unstable distribution, these problems have been fixed in version 1:9.7.0.dfsg-1. We recommend that you upgrade your bind9 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2054-1 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | bind9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20476 | |||
| Oval ID: | oval:org.mitre.oval:def:20476 | ||
| Title: | Multiple vulnerabilities in AIX BIND | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 6 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20762 | |||
| Oval ID: | oval:org.mitre.oval:def:20762 | ||
| Title: | Multiple vulnerabilities in AIX BIND | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 6 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21912 | |||
| Oval ID: | oval:org.mitre.oval:def:21912 | ||
| Title: | RHSA-2010:0062: bind security update (Moderate) | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0062-02 CESA-2010:0062 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | bind |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22749 | |||
| Oval ID: | oval:org.mitre.oval:def:22749 | ||
| Title: | ELSA-2010:0062: bind security update (Moderate) | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0062-02 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | bind |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28008 | |||
| Oval ID: | oval:org.mitre.oval:def:28008 | ||
| Title: | DEPRECATED: ELSA-2010-0062 -- bind security update (moderate) | ||
| Description: | [30:9.3.6-4.P1.2] - NSEC validation code could cause wrong NXDOMAIN responses (#554851, CVE-2010-0097) - improve fix for CVE-2009-4022 (#538744) - {C,D}NAMEs could be returned to clients without proper DNSSEC validation - don't validate + cache out-of-bailiwick data returned with a secure answer. Refetch it instead. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0062 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | bind |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6665 | |||
| Oval ID: | oval:org.mitre.oval:def:6665 | ||
| Title: | HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 6 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6815 | |||
| Oval ID: | oval:org.mitre.oval:def:6815 | ||
| Title: | HP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information | ||
| Description: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0290 | Version: | 6 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7086 | |||
| Oval ID: | oval:org.mitre.oval:def:7086 | ||
| Title: | ISC BIND 9 Cache Poisoning Vulnerability | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0382 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7212 | |||
| Oval ID: | oval:org.mitre.oval:def:7212 | ||
| Title: | ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7430 | |||
| Oval ID: | oval:org.mitre.oval:def:7430 | ||
| Title: | A vulnerability in the way named(1M) handles recursive client queries may allow a remote unprivileged user to cause named(1M) to return NXDOMAIN (Non-Existent Domain) for Internet hosts thus causing a Denial of Service (DoS) for those hosts to end users | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 3 |
| Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7512 | |||
| Oval ID: | oval:org.mitre.oval:def:7512 | ||
| Title: | ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability | ||
| Description: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0290 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8884 | |||
| Oval ID: | oval:org.mitre.oval:def:8884 | ||
| Title: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Description: | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0290 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9357 | |||
| Oval ID: | oval:org.mitre.oval:def:9357 | ||
| Title: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Description: | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0097 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
| 2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
| 2011-08-09 | Name : CentOS Update for bind CESA-2010:0062 centos5 i386 File : nvt/gb_CESA-2010_0062_bind_centos5_i386.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-11 (BIND) File : nvt/glsa_201006_11.nasl |
| 2010-10-01 | Name : HP-UX Update for BIND HPSBUX02546 File : nvt/gb_hp_ux_HPSBUX02546.nasl |
| 2010-07-06 | Name : Debian Security Advisory DSA 2054-2 (bind9) File : nvt/deb_2054_2.nasl |
| 2010-06-10 | Name : Debian Security Advisory DSA 2054-1 (bind9) File : nvt/deb_2054_1.nasl |
| 2010-04-30 | Name : HP-UX Update for BIND HPSBUX02519 File : nvt/gb_hp_ux_HPSBUX02519.nasl |
| 2010-03-02 | Name : Fedora Update for bind FEDORA-2010-0861 File : nvt/gb_fedora_2010_0861_bind_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for bind FEDORA-2010-0868 File : nvt/gb_fedora_2010_0868_bind_fc12.nasl |
| 2010-01-29 | Name : SuSE Update for acroread SUSE-SA:2010:008 File : nvt/gb_suse_2010_008.nasl |
| 2010-01-25 | Name : RedHat Update for bind RHSA-2010:0062-02 File : nvt/gb_RHSA-2010_0062-02_bind.nasl |
| 2010-01-22 | Name : Mandriva Update for bind MDVSA-2010:021 (bind) File : nvt/gb_mandriva_MDVSA_2010_021.nasl |
| 2010-01-22 | Name : Ubuntu Update for bind9 vulnerabilities USN-888-1 File : nvt/gb_ubuntu_USN_888_1.nasl |
| 2010-01-20 | Name : ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability File : nvt/bind_37865.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-176-01 bind File : nvt/esoft_slk_ssa_2010_176_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62008 | ISC BIND Secure Response Refetch Weakness Unspecified Issue |
| 62007 | ISC BIND Recursive Client Query CNAME / DNAME Response DNS Cache Poisoning |
| 61853 | ISC BIND DNSSEC Validation Crafted NXDOMAIN Request Cache Poisoning |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-04-21 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-07-31 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17025.nasl - Type : ACT_GATHER_INFO |
| 2014-11-04 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15787.nasl - Type : ACT_GATHER_INFO |
| 2014-10-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15748.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0062.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV09491.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV09978.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV10049.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11742.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11743.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IV11744.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100120_bind_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
| 2011-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-176-01.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0868.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-0861.nasl - Type : ACT_GATHER_INFO |
| 2010-06-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2054.nasl - Type : ACT_GATHER_INFO |
| 2010-06-07 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_40339.nasl - Type : ACT_GATHER_INFO |
| 2010-06-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-11.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_bind-100121.nasl - Type : ACT_GATHER_INFO |
| 2010-01-22 | Name : The remote name server is affected by a cache poisoning vulnerability. File : bind9_bogus_nxdomain_caching.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-021.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-888-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0062.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote name server is affected by a cache poisoning vulnerability. File : bind9_dnssec_cache_poisoning.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:29:27 |
|
