HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS) and permit unauthorized disclosure of information.
bd8b17704deb1ab7649c91532d1c94ef776dd4816a7809ba4ddc9d701b153d10Debian Linux Security Advisory 2054-2 - This update restores the PID file location for bind to the location before the last security update. Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.
641008a7bc8797a719b9c5b286467557338f36a004d245409d2fafcdeac55ac7Debian Linux Security Advisory 2054-1 - Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.
3f735c4833aeac702aa70117b4ee33364894fa1b8bd7021809591297abc6b061Gentoo Linux Security Advisory 201006-11 - Several cache poisoning vulnerabilities have been found in BIND. Multiple cache poisoning vulnerabilities were discovered in BIND. Versions less than 9.4.3_p5 are affected.
e8507ae0312f6e16b9fc87551331eaa59be119931581a9defa718586c4ca5f8fMandriva Linux Security Advisory 2010-021 - The original fix for was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally BIND has been upgraded to the latest patch release version.
fde9ce451295f0fdc7dc688f5f0672ee2a2653ca75f5f9708eab123dfd58073cUbuntu Security Notice 888-1 - It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
0cfe920e44dece7a866b45de4a885c3fdd90cec12f9a05bff742df28193d5751
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed