HP Security Bulletin HPSBOV03226 2 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other vulnerabilities. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. No update is required for BIND clients. Revision 2 of this advisory.
4935d3f1fb7ea8e8542d5095cd4cb2b982b905b4752fdda66d72da48b1f6e88dHP Security Bulletin HPSBOV03226 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
1857a5c488eb234718c79babaf33fe34e2dcf8b047d172d2c3860ec769591b8eVMware Security Advisory - ESX patches for OpenSSL, vim and bind resolve several security issues. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Various vulnerabilities were discovered in vim such as format string issues and input validation problems.
6cb3c24c65b6ce75a60be81d773ffe92365d8866329c83302255f5fa55cec7f1Gentoo Linux Security Advisory GLSA 200903-14 - Incomplete verification of RSA and DSA certificates might lead to spoofed records authenticated using DNSSEC. BIND does not properly check the return value from the OpenSSL functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265) certificates. Versions less than 9.4.3_p1 are affected.
65d79671fc4d8b5e91d51aac2cfeae01b0fa6697d3ac98832479ee8f3cd10005SUSE Security Announcement - Some months ago a vulnerability in the DNS protocol was published that allowed easy spoofing of DNS entries. The only way to protect against spoofing is to use DNSSEC. Unfortunately the bind code that verifies the certification chain of a DNSSEC zone transfer does not properly check the return value of function DSA_do_verify(). This allows the spoofing of records signed with DSA or NSEC3DSA.
d74f87bbc2b59d50b480b14aef11ea8b5953c91c5ba250a23200d96840fc5172FreeBSD Security Advisory - The DSA_do_verify() function from OpenSSL is used to determine if a DSA digital signature is valid. When DNSSEC is used within BIND it uses DSA_do_verify() to verify DSA signatures, but checks the function return value incorrectly.
220d4fa821366af296e126574f48d4b6710134d13644b63e90dc0e60ac9c10b8Debian Security Advisory 1703-1 - It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine.
2870f20bb99066f6892b5f6fa5169dbaaf0c0c11caa6558bdfeb5f57ca91f20eMandriva Linux Security Advisory 2009-002 - A flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify() function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks. The updated packages have been patched to prevent this issue.
f5ac0c1b64abd0ed14f9d1384a0c904eafde76828a5dfc3b8a5b0d65de9cfc9aUbuntu Security Notice USN-706-1 - It was discovered that Bind did not properly perform certificate verification. When DNSSEC with DSA certificates are in use, a remote attacker could exploit this to bypass certificate validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
b23a84a6d2c4fea39375286b937b3436f0ba4ad561bbfcbc61fbe197d2a045d6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed