ID

VAR-200707-0675

CVE

CVE-2008-1447

TITLE

Multiple DNS implementations vulnerable to cache poisoning

DESCRIPTION

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.". Various implementations of DNS services may allow multiple simultaneous queries for the same resource record, allowing an attacker to apply probabilistic techniques to improve their odds of successful DNS spoofing. Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. RESOLUTION The resolution is to discontinue the use of BIND/iX and migrate DNS services to another platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1617-1 security@debian.org http://www.debian.org/security/ Devin Carraway July 25, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : refpolicy Vulnerability : incompatible policy Problem type : local Debian-specific: no CVE Id(s) : CVE-2008-1447 Debian Bug : 490271 In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. Because the Debian refpolicy packages are not yet designed with policy module upgradeability in mind, and because SELinux-enabled Debian systems often have some degree of site-specific policy customization, it is difficult to assure that the new bind policy can be successfully upgraded. To this end, the package upgrade will not abort if the bind policy update fails. The new policy module can be found at /usr/share/selinux/refpolicy-targeted/bind.pp after installation. Administrators wishing to use the bind service policy can reconcile any policy incompatibilities and install the upgrade manually thereafter. A more detailed discussion of the corrective procedure may be found here: http://wiki.debian.org/SELinux/Issues/BindPortRandomization For the stable distribution (etch), this problem has been fixed in version 0.0.20061018-5.1+etch1. The unstable distribution (sid) is not affected, as subsequent refpolicy releases have incorporated an analogous change. We recommend that you upgrade your refpolicy packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018.orig.tar.gz Size/MD5 checksum: 571487 1bb326ee1b8aea1fa93c3bd86a3007ee http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.diff.gz Size/MD5 checksum: 53515 bd171f0cfa9adc59d451d176fb32c913 http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.dsc Size/MD5 checksum: 859 52bc8ea0cab864e990e9dacc4db3b678 Architecture independent packages: http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-strict_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 1541610 626c93fc13beaa01ff151d9103a7860b http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 289230 b082a861eda93f9bc06dd2e2f03ba89d http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 1288314 c00ed4f0ea4ddbb8dd945c24c710c788 http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-src_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 595490 841f616c8f08b22ed7077c21c1065026 http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-dev_0.0.20061018-5.1+etch1_all.deb Size/MD5 checksum: 418666 bee3f41fe8771b7b88693937814494a3 These files will probably be moved into the stable distribution on its next update. NOTE: These vulnerabilities impact OpenVMS TCP/IP BIND servers only. HP TCP/IP Services for OpenVMS 5.7 ECO5 package is available from the following location: The HP TCP/IP Services for OpenVMS 5.7 ECO5 kits for both Integrity and Alpha platforms have been uploaded to HP Support Center website. Customers can access the kits from Patch Management page. In IP NAT filtering in Sun Solaris 10 and OpenSolaris series products, when a DNS server runs NAT, it incorrectly changes the original address of the data packet. When the destination address is a DNS port, it will allow remote attackers to bypass CVE-2008 -1447 security protection. And spoof the address returned by the DNS response. Background ========== Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/dnsmasq < 2.45 >= 2.45 Description =========== * Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447). * Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350). Impact ====== A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. Description =========== == Several vulnerabilities in safe level == Multiple errors in the implementation of safe level restrictions can be exploited to call "untrace_var()", perform syslog operations, and modify "$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels 1 through 3. (These vulnerabilities were reported by Keita Yamaguchi.) == DoS vulnerability in WEBrick == An error exists in the usage of regular expressions in "WEBrick::HTTPUtils.split_header_value()". This can be exploited to consume large amounts of CPU via a specially crafted HTTP request. (This vulnerability was reported by Christian Neukirchen.) == Lack of taintness check in dl == An error in "DL" can be exploited to bypass security restrictions and call potentially dangerous functions. (This vulnerability was reported by Tanaka Akira.) Affected packages: Pardus 2008: ruby, all before 1.8.7_p72-16-4 ruby-mode, all before 1.8.7_p72-16-4 Pardus 2007: ruby, all before 1.8.7_p72-16-13 ruby-mode, all before 1.8.7_p72-16-4 Resolution ========== There are update(s) for ruby, ruby-mode. You can update them via Package Manager or with a single command from console: Pardus 2008: pisi up ruby ruby-mode Pardus 2007: pisi up ruby ruby-mode References ========== * http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 * http://secunia.com/advisories/31430/ ------------------------------------------------------------------------ -- Pınar Yanardağ http://pinguar.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. The BIND 8 legacy code base could not be updated to include the recommended countermeasure (source port randomization, see DSA-1603-1 for details). There are two ways to deal with this situation: 1. The documentation included with BIND 9 contains a migration guide. 2. Configure the BIND 8 resolver to forward queries to a BIND 9 resolver. Provided that the network between both resolvers is trusted, this protects the BIND 8 resolver from cache poisoning attacks (to the same degree that the BIND 9 resolver is protected). This problem does not apply to BIND 8 when used exclusively as an authoritative DNS server. It is theoretically possible to safely use BIND 8 in this way, but updating to BIND 9 is strongly recommended. BIND 8 (that is, the bind package) will be removed from the etch distribution in a future point release. Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. References: MS08-037 (CVE-2008-1447, CVE-2008-1454), MS08-038 (CVE-2008-1435), MS08-039 (CVE-2008-2247, CVE-2008-2248), MS08-040 (CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107). Patches released by Microsoft after MS06-051 are covered by monthly Security Bulletins. For the full archived list of Microsoft security updates applicable for Storage Management Appliance software v2.1, please refer to the following Security Bulletins available on the IT Resource Center (ITRC) Web site: http://www.itrc.hp.com/service/cki/secBullArchive.do For patches released by Microsoft in 2003, MS03-001 to MS03-051 refer to Security Bulletin HPSBST02146 For patches released by Microsoft in 2004, MS04-001 to MS04-045 refer to Security Bulletin HPSBST02147 For patches released by Microsoft in 2005, MS05-001 to MS05-055 refer to Security Bulletin HPSBST02148 For patches released by Microsoft in 2006, MS06-001 to MS06-051 refer to Security Bulletin HPSBST02140 The Microsoft patch index archive and further details about all Microsoft patches can be found on the following Web site: http://www.microsoft.com/technet/security/bulletin/summary.mspx NOTE: The SMA must have all pertinent SMA Service Packs applied Windows 2000 Update Rollup 1 Customers are advised to download and install the Windows 2000 Update Rollup 1 for Service Pack 4 on SMA v2.1. For more information please refer to the Windows 2000 Update Rollup 1 for Service Pack 4 and Storage Management Appliance v2.1 advisory at the following website: http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=179111&taskId=101&prodTypeId=12169&prodSeriesId=315667 Windows 2000 Update Rollup 1 for SP4 does not include security updates released after April 30, 2005 starting from MS05-026. It also does not include patches MS04-003 and MS04-028. NOTE: Patch installation instructions are shown at the end of this table. ------------------------------------------------- MS Patch - MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230) Analysis - Patch will run successfully. ------------------------------------------------- MS Patch - MS08-038 Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-039 Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- MS Patch - MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) Analysis - SMA does not have this component. Action - Patch will not run successfully. Customers should not be concerned with this issue ------------------------------------------------- Installation Instructions: (if applicable) Download patches to a system other than the SMA Copy the patch to a floppy diskette or to a CD Execute the patch by using Terminal Services to the SMA or by attaching a keyboard, monitor and mouse to the SMA. Note: The Microsoft Windows Installer 3.1 is supported on SMA v2.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01506861 Version: 6 HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-07-16 Last Updated: 2010-12-15 ----------------------------------------------------------------------------- Potential Security Impact: Remote DNS cache poisoning Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. References: CVE-2008-1447 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.3.2 or BIND v9.2.0, HP-UX B.11.11 running BIND v8.1.2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-1447 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates / patch to resolve the vulnerabilities for BIND v9.2.0 and BIND v9.3.2. Customers running BIND v8.1.2 on HP-UX B.11.11 should upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below. A new BIND v9.2.0 depot is available to address an issue encountered on HP-UX B.11.11. The new depot is available by contacting HP Support. The BIND v9.3.2 updates are available for download from: http://software.hp.com The patch PHNE_37865 is available from: http://itrc.hp.com HP-UX Release / Action B.11.11 running v8.1.2 / Upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates listed below, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / BIND Depot name / Action B.11.11 running v9.2.0 / BIND920V15.depot / Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.23 running v9.2.0 / Install PHNE_37865 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. HP-UX Release / Action B.11.11 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.23 running v9.3.2 / Install revision C.9.3.2.7.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. B.11.31 running v9.3.2 / Install revision C.9.3.2.3.0 or subsequent; Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Note: Firewall configurations may need to be adjusted to allow DNS queries from random source ports to pass. In addition, firewalls that forward DNS queries must not replace the random source ports. MANUAL ACTIONS: Yes - NonUpdate Remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. Check firewall settings. For B.11.11 running v8.1.2, upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates For B.11.11 running v9.2.0 install BIND920v15.depot PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa AFFECTED VERSIONS For BIND v8.1.2 HP-UX B.11.11 ============= InternetSrvcs.INETSVCS-RUN action: upgrade to BIND v9.2.0 or BIND v9.3.2 and apply the updates, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. For BIND v9.3.2 HP-UX B.11.11 ============= BindUpgrade.BIND-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.23 ============= BindUpgrade.BIND-UPGRADE BindUpgrade.BIND2-UPGRADE action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com HP-UX B.11.31 ============= NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.3.2.7.0 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://software.hp.com For BIND v9.2.0 HP-UX B.11.11 ============= BINDv920.INETSVCS-BIND action: install revision B.11.11.01.015 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL Contact HP Support for information on where to download depot. HP-UX B.11.23 ============= InternetSrvcs.INETSVCS-INETD InternetSrvcs.INETSVCS-RUN InternetSrvcs.INETSVCS2-RUN action: install patch PHNE_37865 or subsequent, remove "query-source port" and "query-source-v6 port" options in /etc/named.conf. URL: http://itrc.hp.com END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 16 July 2008 Initial release Version:2 (rev.2) - 19 July 2008 Added BIND v9.2.0 depot information Version:3 (rev.3) - 06 August 2008 Updated patch location, revised BIND v9.2.0 depot information, added BIND v8.1.2 Version:4 (rev.4) - 08 August 2008 Updated manual actions to include named.conf and firewall configuration setings Version:5 (rev.5) - 12 October 2010 Updated version for BIND v9.2.0 depot for B.11.11 Version:6 (rev.6) - 15 December 2010 Reformat v9.2.0 recommendation for clarity. Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0JQB8ACgkQ4B86/C0qfVmfGwCeOT1oSjH7NZVlEmixFnjM5hWp gtAAnj1pfPTQUHenOf3lzoRYLUEoy6xf =/E+O -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: VMware Player, Server, Workstation: Multiple vulnerabilities Date: September 29, 2012 Bugs: #213548, #224637, #236167, #245941, #265139, #282213, #297367, #335866, #385727 ID: 201209-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service. Background ========== VMware Player, Server, and Workstation allow emulation of a complete PC on a PC without the usual performance overhead of most emulators. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/vmware-player <= 2.5.5.328052 Vulnerable! 2 app-emulation/vmware-workstation <= 6.5.5.328052 Vulnerable! 3 app-emulation/vmware-server <= 1.0.9.156507 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 3 affected packages Description =========== Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact ====== Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo discontinued support for VMware Player. We recommend that users unmerge VMware Player: # emerge --unmerge "app-emulation/vmware-player" NOTE: Users could upgrade to ">=app-emulation/vmware-player-3.1.5", however these packages are not currently stable. Gentoo discontinued support for VMware Workstation. We recommend that users unmerge VMware Workstation: # emerge --unmerge "app-emulation/vmware-workstation" NOTE: Users could upgrade to ">=app-emulation/vmware-workstation-7.1.5", however these packages are not currently stable. Gentoo discontinued support for VMware Server. We recommend that users unmerge VMware Server: # emerge --unmerge "app-emulation/vmware-server" References ========== [ 1 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 2 ] CVE-2007-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503 [ 3 ] CVE-2007-5671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671 [ 4 ] CVE-2008-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967 [ 5 ] CVE-2008-1340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340 [ 6 ] CVE-2008-1361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361 [ 7 ] CVE-2008-1362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362 [ 8 ] CVE-2008-1363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363 [ 9 ] CVE-2008-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364 [ 10 ] CVE-2008-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392 [ 11 ] CVE-2008-1447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447 [ 12 ] CVE-2008-1806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806 [ 13 ] CVE-2008-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807 [ 14 ] CVE-2008-1808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808 [ 15 ] CVE-2008-2098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 [ 16 ] CVE-2008-2100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100 [ 17 ] CVE-2008-2101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101 [ 18 ] CVE-2008-4915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915 [ 19 ] CVE-2008-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916 [ 20 ] CVE-2008-4917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917 [ 21 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 [ 22 ] CVE-2009-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909 [ 23 ] CVE-2009-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910 [ 24 ] CVE-2009-1244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244 [ 25 ] CVE-2009-2267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267 [ 26 ] CVE-2009-3707 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707 [ 27 ] CVE-2009-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732 [ 28 ] CVE-2009-3733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733 [ 29 ] CVE-2009-4811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811 [ 30 ] CVE-2010-1137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137 [ 31 ] CVE-2010-1138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138 [ 32 ] CVE-2010-1139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139 [ 33 ] CVE-2010-1140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140 [ 34 ] CVE-2010-1141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141 [ 35 ] CVE-2010-1142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142 [ 36 ] CVE-2010-1143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143 [ 37 ] CVE-2011-3868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201209-25.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . At this time, it is not possible to implement the recommended countermeasures in the GNU libc stub resolver. The following workarounds are available: 1. Install a local BIND 9 resoler on the host, possibly in forward-only mode. (Other caching resolvers can be used instead.) 2. Rely on IP address spoofing protection if available. Successful attacks must spoof the address of one of the resolvers, which may not be possible if the network is guarded properly against IP spoofing attacks (both from internal and external sources). This DSA will be updated when patches for hardening the stub resolver are available. HP-UX B.11.00. HP-UX B.11.00 may be affected by this vulnerability if the BINDv4 Domain Name Server (DNS) is configured to do both of the following: * support recursive requests and cache the results * respond to DNS requests made by untrusted systems To determine if an HP-UX system has an affected version, search the output of "swlist -a revision -l fileset" for one of the filesets listed below. AFFECTED VERSIONS HP-UX B.11.00 ============= InternetSrvcs.INETSVCS-RUN action: add "options no-recursion" to /etc/named.boot END AFFECTED VERSIONS RESOLUTION The potential vulnerability may be avoided by blocking access to the system from untrusted systems or by disabling DNS recursion. To disable DNS recursion, add the following to /etc/named.boot: options no-recursion The option will take effect when named is restarted. Note: This issue has been previously reported in HPSBGN01156 SSRT2400 rev.0 (7 August 2003). HPSBGN01156 did not have the Affected Versions for the HP-UX Security Patch Check

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

arbitrary

EXPLOIT AVAILABILITY

EXTERNAL IDS

REFERENCES

CREDITS

Hewlett Packard

SOURCES

LAST UPDATE DATE

2025-09-26T21:36:07.716000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE