what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Gentoo Linux Security Advisory 200903-14

Gentoo Linux Security Advisory 200903-14
Posted Mar 9, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-14 - Incomplete verification of RSA and DSA certificates might lead to spoofed records authenticated using DNSSEC. BIND does not properly check the return value from the OpenSSL functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265) certificates. Versions less than 9.4.3_p1 are affected.

tags | advisory, spoof
systems | linux, gentoo
advisories | CVE-2009-0025, CVE-2009-0265
SHA-256 | 65d79671fc4d8b5e91d51aac2cfeae01b0fa6697d3ac98832479ee8f3cd10005

Gentoo Linux Security Advisory 200903-14

Change Mirror Download
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200903-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: BIND: Incorrect signature verification
Date: March 09, 2009
Bugs: #254134, #257949
ID: 200903-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Incomplete verification of RSA and DSA certificates might lead to
spoofed records authenticated using DNSSEC.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.4.3_p1 >= 9.4.3_p1

Description
===========

BIND does not properly check the return value from the OpenSSL
functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265)
certificates.

Impact
======

A remote attacker could bypass validation of the certificate chain to
spoof DNSSEC-authenticated records.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BIND users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p1"

References
==========

[ 1 ] CVE-2009-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
[ 2 ] CVE-2009-0265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200903-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close