
Full Disclosure mailing list archives

[ MDVSA-2008:139 ] - Updated BIND packages fix critical DNS vulnerability
From: security () mandriva com
Date: Wed, 09 Jul 2008 14:49:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:139
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bind
 Date    : July 9, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A weakness was found in the DNS protocol by Dan Kaminsky.  A remote
 attacker could exploit this weakness to spoof DNS entries and poison
 DNS caches.  This could be used to misdirect users and services;
 i.e. for web and email traffic (CVE-2008-1447).
 
 This update provides the latest stable BIND releases for all platforms
 except Corporate Server/Desktop 3.0 and MNF2, which have been patched
 to correct the issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 73cc24fc9586b7ab290d755012c16a79  2007.1/i586/bind-9.4.2-0.1mdv2007.1.i586.rpm
 70867c50cfd64b4406aa002d627d740b  2007.1/i586/bind-devel-9.4.2-0.1mdv2007.1.i586.rpm
 3603e9d9115466753397a1f472011703  2007.1/i586/bind-utils-9.4.2-0.1mdv2007.1.i586.rpm 
 cf5e4100ecb21a4eb603831e5a6ec23d  2007.1/SRPMS/bind-9.4.2-0.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 4eb7ce0984d3ce3befff667392e3bf3e  2007.1/x86_64/bind-9.4.2-0.1mdv2007.1.x86_64.rpm
 d7b9a9e7d4c52a5b0c54f59ca20bf2d5  2007.1/x86_64/bind-devel-9.4.2-0.1mdv2007.1.x86_64.rpm
 c5c66c9609615029d2f07f7b09a63118  2007.1/x86_64/bind-utils-9.4.2-0.1mdv2007.1.x86_64.rpm 
 cf5e4100ecb21a4eb603831e5a6ec23d  2007.1/SRPMS/bind-9.4.2-0.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 52dfe3970fcd9495b2bb9379a9312b25  2008.0/i586/bind-9.4.2-1mdv2008.0.i586.rpm
 97d20d35b6814aa2f9fab549ca6237c0  2008.0/i586/bind-devel-9.4.2-1mdv2008.0.i586.rpm
 87a7bb3dd25abd8cd882a8f2fdc2398e  2008.0/i586/bind-utils-9.4.2-1mdv2008.0.i586.rpm 
 da4444a8074e6ede39dfa557fb258db7  2008.0/SRPMS/bind-9.4.2-1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 b9d0337363bc1e2b14505f25d4ee5f99  2008.0/x86_64/bind-9.4.2-1mdv2008.0.x86_64.rpm
 9b75e2a96784c00c2912bc3bf333d089  2008.0/x86_64/bind-devel-9.4.2-1mdv2008.0.x86_64.rpm
 0a593b090d9e6bda3666e234056e19ba  2008.0/x86_64/bind-utils-9.4.2-1mdv2008.0.x86_64.rpm 
 da4444a8074e6ede39dfa557fb258db7  2008.0/SRPMS/bind-9.4.2-1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 2534ef007262d4ea2d219bab0190466c  2008.1/i586/bind-9.5.0-3mdv2008.1.i586.rpm
 c3feee5d05aa3aee14cd70a2d295d0b1  2008.1/i586/bind-devel-9.5.0-3mdv2008.1.i586.rpm
 f306c06665b723a2530258e6d1dbdae2  2008.1/i586/bind-doc-9.5.0-3mdv2008.1.i586.rpm
 967ef80628f92160930bc3a3827a216e  2008.1/i586/bind-utils-9.5.0-3mdv2008.1.i586.rpm 
 70fc7a7964944a2926979710c5148ed1  2008.1/SRPMS/bind-9.5.0-3mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 3f4d96d7a7f913c141e1f63cdc7e7336  2008.1/x86_64/bind-9.5.0-3mdv2008.1.x86_64.rpm
 420db658366763686198f41394aa72b3  2008.1/x86_64/bind-devel-9.5.0-3mdv2008.1.x86_64.rpm
 6f3674f68311494c5a9ff0dbce831e82  2008.1/x86_64/bind-doc-9.5.0-3mdv2008.1.x86_64.rpm
 4294b3a086b89bf53c5c967c17962447  2008.1/x86_64/bind-utils-9.5.0-3mdv2008.1.x86_64.rpm 
 70fc7a7964944a2926979710c5148ed1  2008.1/SRPMS/bind-9.5.0-3mdv2008.1.src.rpm

 Corporate 3.0:
 de2a4372d1c25d73f343c9fcb044c9dd  corporate/3.0/i586/bind-9.2.3-6.5.C30mdk.i586.rpm
 1f24f6dbdb6c02e21cbbef99555049cb  corporate/3.0/i586/bind-devel-9.2.3-6.5.C30mdk.i586.rpm
 00405b98290d5a41f226081baa57e18d  corporate/3.0/i586/bind-utils-9.2.3-6.5.C30mdk.i586.rpm 
 6a237dc290f4f7c463b1996e6a4a4515  corporate/3.0/SRPMS/bind-9.2.3-6.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 628162f3d6a414828d2231fefc46842b  corporate/3.0/x86_64/bind-9.2.3-6.5.C30mdk.x86_64.rpm
 dd29ff31a9cffcc1b20fd045869d7013  corporate/3.0/x86_64/bind-devel-9.2.3-6.5.C30mdk.x86_64.rpm
 c475c1a4d048e04da1fc27dcbb17c3f3  corporate/3.0/x86_64/bind-utils-9.2.3-6.5.C30mdk.x86_64.rpm 
 6a237dc290f4f7c463b1996e6a4a4515  corporate/3.0/SRPMS/bind-9.2.3-6.5.C30mdk.src.rpm

 Corporate 4.0:
 271ead204904be302d197cd542f5ae23  corporate/4.0/i586/bind-9.3.5-0.4.20060mlcs4.i586.rpm
 42413dcc1cf053e735216f767eff4e5d  corporate/4.0/i586/bind-devel-9.3.5-0.4.20060mlcs4.i586.rpm
 0201afe493a41e1deedc9bf7e9725f4a  corporate/4.0/i586/bind-utils-9.3.5-0.4.20060mlcs4.i586.rpm 
 86bc0cdc9ed1b959b6f56e0660268f2e  corporate/4.0/SRPMS/bind-9.3.5-0.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b1a18a7d0578dab7bd825eda6c682b3d  corporate/4.0/x86_64/bind-9.3.5-0.4.20060mlcs4.x86_64.rpm
 6a2ebd550feb9147058de05b1a1ef04d  corporate/4.0/x86_64/bind-devel-9.3.5-0.4.20060mlcs4.x86_64.rpm
 670a1b934ce4974b8505018ab69ade0b  corporate/4.0/x86_64/bind-utils-9.3.5-0.4.20060mlcs4.x86_64.rpm 
 86bc0cdc9ed1b959b6f56e0660268f2e  corporate/4.0/SRPMS/bind-9.3.5-0.4.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 5b694c24cc2092e38f531dbfdd5c9d41  mnf/2.0/i586/bind-9.2.3-6.5.C30mdk.i586.rpm
 c08bc805027059c47bed32215f17eacb  mnf/2.0/i586/bind-utils-9.2.3-6.5.C30mdk.i586.rpm 
 39225289516498e1b071c5059306f2b9  mnf/2.0/SRPMS/bind-9.2.3-6.5.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIdPwTmqjQ0CJFipgRAm9AAJ9/UOAuOWDL1KgnMNGM/224QGUNQgCfW+G9
J7qxrU208lhOcIjhtq8FWX8=
=91dV
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
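Added example, not part of the advisory or of Mandriva's tooling: a checker that reads the "Updated Packages" checksum lines from an advisory in this format and compares them with files under a local mirror directory. It keys on the full relative path, because the list above carries bind-9.2.3-6.5.C30mdk.i586.rpm under both corporate/3.0 and mnf/2.0 with different checksums; the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A checksum line under "Updated Packages": MD5, whitespace, mirror-relative path.
CHECKSUM_LINE = re.compile(
    r"^[ \t]*([0-9a-f]{32})[ \t]+(\S+\.rpm)[ \t]*$", re.MULTILINE)

def parse_checksums(advisory_text):
    """Return {relative_path: md5}, keyed by full path, not by file name."""
    expected = {}
    for digest, rel_path in CHECKSUM_LINE.findall(advisory_text):
        if expected.setdefault(rel_path, digest) != digest:
            raise ValueError(f"conflicting checksums for {rel_path}")
    return expected

def md5_of(path):
    # MD5 only catches corrupted downloads; authenticity comes from the GPG signature.
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_tree(advisory_text, mirror_root):
    """Classify each listed package as 'ok', 'mismatch' or 'missing'."""
    results = {}
    for rel_path, digest in parse_checksums(advisory_text).items():
        target = Path(mirror_root) / rel_path
        if not target.is_file():
            results[rel_path] = "missing"
        else:
            results[rel_path] = "ok" if md5_of(target) == digest else "mismatch"
    return results

def demo():
    """Constructed data: same file name in two trees, different contents."""
    files = {"corporate/3.0/i586/bind-example.rpm": b"corporate build",
             "mnf/2.0/i586/bind-example.rpm": b"mnf build"}
    with tempfile.TemporaryDirectory() as tmp:
        lines = []
        for rel, data in files.items():
            (Path(tmp) / rel).parent.mkdir(parents=True)
            (Path(tmp) / rel).write_bytes(data)
            lines.append(f" {hashlib.md5(data).hexdigest()}  {rel} ")
        # Simulate a damaged download and a package that was never fetched.
        (Path(tmp) / "mnf/2.0/i586/bind-example.rpm").write_bytes(b"truncated")
        lines.append(" " + "0" * 32 + "  mnf/2.0/SRPMS/bind-example.src.rpm")
        return verify_tree("\n".join(lines), tmp)
```

A result of 'ok' here says only that the file matches the listed checksum; the package signature check (for example `rpm --checksig` against the imported Mandriva key) is what establishes origin.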

