oval:org.mitre.oval:def:11783

Definition Id: oval:org.mitre.oval:def:11783

Oval ID:	oval:org.mitre.oval:def:11783
Title:	DSA-2054 bind9 -- DNS cache poisoning
Description:	Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data flag to a forged NXDOMAIN response for an existing domain. When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed. In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the "roll over and die" phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root , and the NSEC3 secure denial of existence algorithm used by some signed top-level domains. This update is based on a new upstream version of BIND 9, 9.6-ESV-R1. Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using "apt-get dist-upgrade".
Family:	unix	Class:	patch
Reference(s):	DSA-2054 CVE-2010-0097 CVE-2010-0290 CVE-2010-0382	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):	bind9
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND bind9-doc is earlier than 9.6.ESV.R1+dfsg-0+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section dnsutils is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND libbind-dev is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND bind9 is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND libisc52 is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND libbind9-50 is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND bind9utils is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND libdns55 is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND liblwres50 is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND lwresd is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND libisccfg50 is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND libisccc50 is earlier than 9.6.ESV.R1+dfsg-0+lenny1 AND bind9-host is earlier than 9.6.ESV.R1+dfsg-0+lenny1

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:11783

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0319s

Facebook rss twitter linkedin mail