what you don't know can hurt you

Mandriva Linux Security Advisory 2009-304

Mandriva Linux Security Advisory 2009-304
Posted Nov 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-304 - Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO. Additionally BIND has been upgraded to the latest point release or closest supported version by ISC.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2009-4022
MD5 | c8fbf818bbf185917fccf79da8519a38

Mandriva Linux Security Advisory 2009-304

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:304
http://www.mandriva.com/security/
_______________________________________________________________________

Package : bind
Date : November 26, 2009
Affected: 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Some vulnerabilities were discovered and corrected in bind:

Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5
before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3,
and 9.0.x through 9.3.x with DNSSEC validation enabled and checking
disabled (CD), allows remote attackers to conduct DNS cache poisoning
attacks via additional sections in a response sent for resolution
of a recursive client query, which is not properly handled when the
response is processed at the same time as requesting DNSSEC records
(DO). (CVE-2009-4022).

Additionally BIND has been upgraded to the latest point release or
closest supported version by ISC.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
https://www.isc.org/node/504
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
350aede988c5fea9c534c9f6b453a6d9 2009.0/i586/bind-9.5.2-0.1mdv2009.0.i586.rpm
63dae25d60dce8878a87b0eeaa457285 2009.0/i586/bind-devel-9.5.2-0.1mdv2009.0.i586.rpm
b3e98fd47dbff14ad213a8ca8a6e466d 2009.0/i586/bind-doc-9.5.2-0.1mdv2009.0.i586.rpm
fa56daa8b48c17fbcf9e0d59ded29123 2009.0/i586/bind-utils-9.5.2-0.1mdv2009.0.i586.rpm
75ef743d58dbfc382e88fef13788f71f 2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
12d89eb11dda9285afdcd1e315c47261 2009.0/x86_64/bind-9.5.2-0.1mdv2009.0.x86_64.rpm
7314c3bdb02a8d332a5c809ade05ffa8 2009.0/x86_64/bind-devel-9.5.2-0.1mdv2009.0.x86_64.rpm
c87e38d4da7e29bcf756afce7266dc96 2009.0/x86_64/bind-doc-9.5.2-0.1mdv2009.0.x86_64.rpm
0c7822fea0b4b39fb1330c98c3ac72e6 2009.0/x86_64/bind-utils-9.5.2-0.1mdv2009.0.x86_64.rpm
75ef743d58dbfc382e88fef13788f71f 2009.0/SRPMS/bind-9.5.2-0.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
85b9888ba8e24104787ee69eaa471f5d 2009.1/i586/bind-9.6.1-0.1mdv2009.1.i586.rpm
e251bc5c2c1065c0ceefa31b6fa7b8a9 2009.1/i586/bind-devel-9.6.1-0.1mdv2009.1.i586.rpm
53f7c3477e5d3f3ebc3376ecb63a2eec 2009.1/i586/bind-doc-9.6.1-0.1mdv2009.1.i586.rpm
144e76e8e28f839dafd1a0c2816345a8 2009.1/i586/bind-utils-9.6.1-0.1mdv2009.1.i586.rpm
d11449cedd0e738e27518e5f65c06628 2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
5a8c68cf6b92bcb1de285aa151550806 2009.1/x86_64/bind-9.6.1-0.1mdv2009.1.x86_64.rpm
224a8d280a689e2918c99f50d95a286b 2009.1/x86_64/bind-devel-9.6.1-0.1mdv2009.1.x86_64.rpm
d2339b9352a58a33e3e347d30f3112af 2009.1/x86_64/bind-doc-9.6.1-0.1mdv2009.1.x86_64.rpm
9af5d666780c971c014e4703a02735f5 2009.1/x86_64/bind-utils-9.6.1-0.1mdv2009.1.x86_64.rpm
d11449cedd0e738e27518e5f65c06628 2009.1/SRPMS/bind-9.6.1-0.1mdv2009.1.src.rpm

Mandriva Linux 2010.0:
370e9b2a7a28cbed55406fe55726362d 2010.0/i586/bind-9.6.1-4.1mdv2010.0.i586.rpm
a5ac29331aee65433a5892cd836f0c98 2010.0/i586/bind-devel-9.6.1-4.1mdv2010.0.i586.rpm
e7cc049f431f380300371341d5310c61 2010.0/i586/bind-doc-9.6.1-4.1mdv2010.0.i586.rpm
2e1ca9662985205be96c85ffda316da1 2010.0/i586/bind-utils-9.6.1-4.1mdv2010.0.i586.rpm
11cb180925f7705960f23d853fa75a82 2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
3cc9cd36796d0e385d0768fca4e1df26 2010.0/x86_64/bind-9.6.1-4.1mdv2010.0.x86_64.rpm
f4544efd9648274c057ff83340d9dbfb 2010.0/x86_64/bind-devel-9.6.1-4.1mdv2010.0.x86_64.rpm
6110c4726cc972c0226ffa89264c2d3a 2010.0/x86_64/bind-doc-9.6.1-4.1mdv2010.0.x86_64.rpm
fbb65979f1b2c1184a4511eb554d9705 2010.0/x86_64/bind-utils-9.6.1-4.1mdv2010.0.x86_64.rpm
11cb180925f7705960f23d853fa75a82 2010.0/SRPMS/bind-9.6.1-4.1mdv2010.0.src.rpm

Corporate 4.0:
efa9da62f2e60853b87767f00ca547ef corporate/4.0/i586/bind-9.4.3-0.1.20060mlcs4.i586.rpm
7527a21df42df4e7868ba61879f42518 corporate/4.0/i586/bind-devel-9.4.3-0.1.20060mlcs4.i586.rpm
7646549a4dcc5f65e8ea6f8067e95070 corporate/4.0/i586/bind-utils-9.4.3-0.1.20060mlcs4.i586.rpm
36463b1e9d167038f904ca7df177898b corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
e41861745bb151fb5efc1bf9b50f6505 corporate/4.0/x86_64/bind-9.4.3-0.1.20060mlcs4.x86_64.rpm
9dd765db9f38a16221a275b96281802f corporate/4.0/x86_64/bind-devel-9.4.3-0.1.20060mlcs4.x86_64.rpm
4ae28b93e75875ec58e3bb5dbc39494d corporate/4.0/x86_64/bind-utils-9.4.3-0.1.20060mlcs4.x86_64.rpm
36463b1e9d167038f904ca7df177898b corporate/4.0/SRPMS/bind-9.4.3-0.1.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
4c906960098af8693448ac5cb3766379 mes5/i586/bind-9.5.2-0.1mdvmes5.i586.rpm
9628b329b44d2d5969f7ff277d3d7f0b mes5/i586/bind-devel-9.5.2-0.1mdvmes5.i586.rpm
5e4096b88a627c1dec4238dfcf401ba2 mes5/i586/bind-doc-9.5.2-0.1mdvmes5.i586.rpm
dcc67d5dc6e2df19b70bfc7eb07e3633 mes5/i586/bind-utils-9.5.2-0.1mdvmes5.i586.rpm
78aa573ae412f837d942225a77e56398 mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
4bc1fb9a2260d4dda412102e7eca322b mes5/x86_64/bind-9.5.2-0.1mdvmes5.x86_64.rpm
bf243b38288fd02299fe250547060d9d mes5/x86_64/bind-devel-9.5.2-0.1mdvmes5.x86_64.rpm
c5913b8326477c600d4bd5f3524218ec mes5/x86_64/bind-doc-9.5.2-0.1mdvmes5.x86_64.rpm
e555c924894703f24d91f9e4c7715927 mes5/x86_64/bind-utils-9.5.2-0.1mdvmes5.x86_64.rpm
78aa573ae412f837d942225a77e56398 mes5/SRPMS/bind-9.5.2-0.1mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLDqxBmqjQ0CJFipgRAq5SAKCtfakAexWy/C5PkEsNrFfrk7gQHwCgvY9R
pmiCd4VANBSFJKkMchIBpjE=
=q1sN
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close