Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201006-11 ] BIND: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1539

PostPosted: Wed Jun 02, 2010 2:26 am    Post subject: [ GLSA 201006-11 ] BIND: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: BIND: Multiple vulnerabilities (GLSA 201006-11)
Severity: normal
Exploitable: remote
Date: June 01, 2010
Bug(s): #301548, #308035
ID: 201006-11

Synopsis


Several cache poisoning vulnerabilities have been found in BIND.


Background


ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.


Affected Packages

Package: net-dns/bind
Vulnerable: < 9.4.3_p5
Unaffected: >= 9.4.3_p5
Architectures: All supported architectures


Description


Multiple cache poisoning vulnerabilities were discovered in BIND. For
further information please consult the CVE entries and the ISC Security
Bulletin referenced below.

Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete
fix and a regression for CVE-2009-4022.


Impact


An attacker could exploit this weakness to poison the cache of a
recursive resolver and thus spoof DNS traffic, which could e.g. lead to
the redirection of web or mail traffic to malicious sites.


Workaround


There is no known workaround at this time.


Resolution


All BIND users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p5"


References

ISC Advisory
CVE-2009-4022
CVE-2010-0097
CVE-2010-0290
CVE-2010-0382
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum