What Are You Looking For?

Sign Up
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201006-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BIND: Multiple vulnerabilities
      Date: June 01, 2010
      Bugs: #301548, #308035
        ID: 201006-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Several cache poisoning vulnerabilities have been found in BIND.

Background
=========
ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.

Affected packages
================
    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  net-dns/bind     < 9.4.3_p5                           >= 9.4.3_p5

Description
==========
Multiple cache poisoning vulnerabilities were discovered in BIND. For
further information please consult the CVE entries and the ISC Security
Bulletin referenced below.

Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete
fix and a regression for CVE-2009-4022.

Impact
=====
An attacker could exploit this weakness to poison the cache of a
recursive resolver and thus spoof DNS traffic, which could e.g. lead to
the redirection of web or mail traffic to malicious sites.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All BIND users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p5"

References
=========
  [ 1 ] ISC Advisory
          [ 2 ] CVE-2009-4022
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
  [ 3 ] CVE-2010-0097
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
  [ 4 ] CVE-2010-0290
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290
  [ 5 ] CVE-2010-0382
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/glsa-201006-11.xml

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-201006-11: BIND: Multiple vulnerabilities

Several cache poisoning vulnerabilities have been found in BIND.

Summary

Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete fix and a regression for CVE-2009-4022.

Resolution

All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p5"

References

[ 1 ] ISC Advisory [ 2 ] CVE-2009-4022 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 [ 3 ] CVE-2010-0097 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 [ 4 ] CVE-2010-0290 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290 [ 5 ] CVE-2010-0382 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/glsa-201006-11.xml

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: BIND: Multiple vulnerabilities
Issued Date: June 01, 2010
Bugs: #301548, #308035
ID: 201006-11

Synopsis

Several cache poisoning vulnerabilities have been found in BIND.

Background

ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/bind < 9.4.3_p5 >= 9.4.3_p5

Impact

===== An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites.

Workaround

There is no known workaround at this time.

Related News

The Rust Foundation to Develop Training and Certification Program

Dec 3, 2023

Severe Chromium Bug Threatens Sensitive Data, System Availability

Nov 13, 2023

New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

Nov 15, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo