VARIoT IoT vulnerabilities database
| VAR-201209-0235 | CVE-2012-2993 | Windows Phone 7 does not check certificate Common Names when sending or receiving emails over SSL. |
CVSS V2: 2.6 CVSS V3: 5.9 Severity: MEDIUM |
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. Microsoft Windows Phone 7 is a smartphone from Microsoft.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid further attacks.
| VAR-201209-0571 | CVE-2012-2187 | Vulnerability that breaks cryptographic protection mechanisms in IBM Remote Supervisor Adapter II firmware for multiple IBM products |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. IBM Remote Supervisor Adapter II is prone to a security-bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Attackers can exploit this vulnerability to defeat the cryptographic protection mechanisms through unknown vectors.
| VAR-201209-0395 | CVE-2012-3919 | Denial-of-service (DoS) vulnerability in the Cisco ACE module used in multiple Cisco products |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879. A third party can cause a denial of service (incorrect memory access and module restart) via application traffic. Application Control Engine Module is prone to a denial-of-service vulnerability. Cisco Catalyst is a series of commercial-grade switches distributed and maintained by Cisco Corporation.
| VAR-201209-0241 | CVE-2012-3051 | Denial-of-service (DoS) vulnerability in Cisco NX-OS running on Cisco Nexus 7000 series switches |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. The switches use the Cisco Nexus OS operating system. Cisco NX-OS fails to process a large number of ARP packets correctly. The Cisco bug ID for this vulnerability is CSCtr44822.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.
Cisco NX-OS version 5.2 is vulnerable; other versions may also be affected.
TITLE:
Cisco Nexus 7000 Series NX-OS ARP Packet Handling Denial of Service
SECUNIA ADVISORY ID:
SA50671
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50671/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50671
RELEASE DATE:
2012-09-19
DESCRIPTION:
A vulnerability has been reported in Cisco Nexus 7000 Series NX-OS,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
The vulnerability is reported in version 5.2.
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
CSCtr44822:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html#wp402884
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
| VAR-201209-0243 | CVE-2012-3060 | Denial-of-service (CPU resource consumption) vulnerability in Cisco Unity Connection |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269. Cisco Unity is an advanced unified communications solution for enterprise-level organizations that can provide powerful messaging services and intelligent voice messaging services.
| VAR-201209-0245 | CVE-2012-3079 | Denial-of-service (CPU resource consumption) vulnerability in Cisco IOS |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. Cisco IOS is a popular Internet operating system. The Cisco bug ID for this vulnerability is CSCtn78957.
| VAR-201209-0246 | CVE-2012-3088 | Vulnerability in Cisco AnyConnect Secure Mobility Client |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. A third party can have an unspecified impact through crafted requests. AnyConnect Secure Mobility Client is prone to a remote security vulnerability. Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. A remote attacker could exploit this vulnerability to have unspecified effects through specially crafted requests.
| VAR-201209-0229 | CVE-2012-3094 | Information disclosure vulnerability in Cisco AnyConnect Secure Mobility Client on Linux |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. Because X.509 server certificates are accepted, important information may be obtained by a third party. AnyConnect Secure Mobility Client is prone to an information disclosure vulnerability. Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. A remote attacker could exploit this vulnerability to obtain sensitive information through vectors involving invalid certificates.
| VAR-201209-0230 | CVE-2012-3096 | Denial-of-service (DoS) vulnerability in Cisco Unity Connection |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132. Unity Connection is prone to a denial-of-service vulnerability. Cisco Unity is an advanced unified communications solution for enterprise-level organizations that can provide powerful messaging services and intelligent voice messaging services. The vulnerability exists in Cisco Unity Connection (UC) versions 7.1, 8.0, and 8.5.
| VAR-201209-0389 | CVE-2012-3893 | Denial-of-service (spoke crash) vulnerability in the FlexVPN implementation of Cisco IOS |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. Cisco IOS is a popular Internet operating system. The Cisco bug ID for this vulnerability is CSCtz02622.
| VAR-201209-0390 | CVE-2012-3895 | Denial-of-service (device crash) vulnerability in Cisco IOS |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. Cisco IOS is a popular Internet operating system. The Cisco bug ID for this vulnerability is CSCty89224.
| VAR-201209-0391 | CVE-2012-3899 | Denial-of-service (DoS) vulnerability in sensorApp running on Cisco IPS 4200 series sensors |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051. Intrusion Prevention software is prone to a denial-of-service vulnerability. Cisco IPS is the network intrusion protection module in the CiscoWorks VPN/Security management solution.
| VAR-201209-0392 | CVE-2012-3901 | Denial-of-service (DoS) vulnerability in sensorApp on Cisco IPS 4200 series sensors |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144. Intrusion Prevention System is prone to a denial-of-service vulnerability. Cisco IPS is the network intrusion protection module in the CiscoWorks VPN/Security management solution.
| VAR-201209-0393 | CVE-2012-3908 | Cisco ISE 3300 Series ISE Administrator user interface cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684. A third party can hijack administrator authentication.
Exploiting these issues may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCty46684. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability to hijack an administrator's authentication.
TITLE:
Cisco Identity Services Engine Cross-Site Request Forgery
SECUNIA ADVISORY ID:
SA50680
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50680/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50680
RELEASE DATE:
2012-09-19
DESCRIPTION:
A vulnerability has been reported in Cisco Identity Services Engine,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.
The device allows users to perform certain actions via HTTP requests
without performing proper validity checks to verify the requests.
This can be exploited to perform certain unspecified actions against
the Administrator user interface when a logged-in user visits a
specially crafted web page.
SOLUTION:
Update to version 1.1.0.665 Cumulative Patch 1 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
CSCty46684:
http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html
| VAR-201209-0394 | CVE-2012-3915 | Denial-of-service (DoS) vulnerability in the DMVPN tunnel implementation of Cisco IOS |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. Cisco IOS is a popular Internet operating system. The Cisco bug ID for this vulnerability is CSCtq39602. IOS is prone to a denial-of-service vulnerability.
| VAR-201209-0396 | CVE-2012-3923 | Denial-of-service (device crash) vulnerability in the SSLVPN implementation of Cisco IOS |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827. Cisco IOS is a popular Internet operating system. The Cisco bug ID for this vulnerability is CSCte41827. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to cause the affected device to crash and reload, denying service to legitimate users.
| VAR-201209-0397 | CVE-2012-3924 | Denial-of-service (device crash) vulnerability in the SSLVPN implementation of Cisco IOS |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961. Cisco IOS is a popular Internet operating system. The Cisco bug ID for this vulnerability is CSCty97961. Cisco IOS is prone to multiple remote denial-of-service vulnerabilities.
An attacker can exploit these issues to cause the affected device to crash and reload, denying service to legitimate users.
| VAR-201209-0242 | CVE-2012-3052 | Vulnerability in Cisco VPN Client that allows privileges to be gained |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path. http://cwe.mitre.org/data/definitions/426.html A local user may be able to gain privileges via a Trojan horse DLL file in the current working directory. Cisco VPN Client is a set of cross-platform VPN client software from Cisco.
| VAR-201404-0018 | CVE-2012-4651 | Denial-of-service (DoS) vulnerability in Cisco IOS |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the Scan Safe Tower, aka Bug ID CSCub85451. When ScanSafe is enabled, Cisco IOS contains a vulnerability that can be exploited to cause a denial of service (latency). IOS is prone to a denial-of-service vulnerability. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment.
[slackware-security] patch (SSA:2012-257-02)
New patch packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
and -current to fix a security issue.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/patch-2.7-i486-1_slack13.37.txz: Upgraded.
This version of patch ignores destination filenames that are absolute or
that contain a component of "..", unless such a filename is provided as
an argument.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/patch-2.7-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/patch-2.7-i486-1_slack12.1.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/patch-2.7-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/patch-2.7-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/patch-2.7-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/patch-2.7-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/patch-2.7-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/patch-2.7-x86_64-1_slack13.37.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/patch-2.7-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/patch-2.7-x86_64-1.txz
MD5 signatures:
+-------------+
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg patch-2.7-i486-1_slack13.37.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
| VAR-201210-0300 | CVE-2012-5166 | Denial-of-service (named daemon hang) vulnerability in ISC BIND |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. ISC BIND is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the 'named' process to lock up, denying service to legitimate users. [RT #31090]
(CVE-2012-5166). The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
TITLE:
ISC BIND Resource Record Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA50610
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50610/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50610
RELEASE DATE:
2012-09-13
DESCRIPTION:
A vulnerability has been reported in ISC BIND, which can be exploited
by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an assertion error when processing
resource records having RDATA greater than 65535 bytes. This can be
exploited to e.g.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
https://kb.isc.org/article/AA-00778/74
=====================================================================
Red Hat Security Advisory
Synopsis: Important: bind security update
Advisory ID: RHSA-2012:1363-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1363.html
Issue date: 2012-10-12
CVE Names: CVE-2012-5166
=====================================================================
1. Summary:
Updated bind packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.
A flaw was found in the way BIND handled certain combinations of resource
records. A remote attacker could use this flaw to cause a recursive
resolver, or an authoritative server in certain configurations, to lockup.
(CVE-2012-5166)
Users of bind are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
864273 - CVE-2012-5166 bind: Specially crafted DNS data can cause a lockup in named
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm
i386:
bind-9.3.6-20.P1.el5_8.5.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm
bind-sdb-9.3.6-20.P1.el5_8.5.i386.rpm
bind-utils-9.3.6-20.P1.el5_8.5.i386.rpm
x86_64:
bind-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-sdb-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-utils-9.3.6-20.P1.el5_8.5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm
i386:
bind-chroot-9.3.6-20.P1.el5_8.5.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
caching-nameserver-9.3.6-20.P1.el5_8.5.i386.rpm
x86_64:
bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind-9.3.6-20.P1.el5_8.5.src.rpm
i386:
bind-9.3.6-20.P1.el5_8.5.i386.rpm
bind-chroot-9.3.6-20.P1.el5_8.5.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm
bind-sdb-9.3.6-20.P1.el5_8.5.i386.rpm
bind-utils-9.3.6-20.P1.el5_8.5.i386.rpm
caching-nameserver-9.3.6-20.P1.el5_8.5.i386.rpm
ia64:
bind-9.3.6-20.P1.el5_8.5.ia64.rpm
bind-chroot-9.3.6-20.P1.el5_8.5.ia64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.ia64.rpm
bind-devel-9.3.6-20.P1.el5_8.5.ia64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.ia64.rpm
bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.5.ia64.rpm
bind-sdb-9.3.6-20.P1.el5_8.5.ia64.rpm
bind-utils-9.3.6-20.P1.el5_8.5.ia64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.5.ia64.rpm
ppc:
bind-9.3.6-20.P1.el5_8.5.ppc.rpm
bind-chroot-9.3.6-20.P1.el5_8.5.ppc.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.ppc.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.ppc64.rpm
bind-devel-9.3.6-20.P1.el5_8.5.ppc.rpm
bind-devel-9.3.6-20.P1.el5_8.5.ppc64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.ppc.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.ppc64.rpm
bind-libs-9.3.6-20.P1.el5_8.5.ppc.rpm
bind-libs-9.3.6-20.P1.el5_8.5.ppc64.rpm
bind-sdb-9.3.6-20.P1.el5_8.5.ppc.rpm
bind-utils-9.3.6-20.P1.el5_8.5.ppc.rpm
caching-nameserver-9.3.6-20.P1.el5_8.5.ppc.rpm
s390x:
bind-9.3.6-20.P1.el5_8.5.s390x.rpm
bind-chroot-9.3.6-20.P1.el5_8.5.s390x.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.s390.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.s390x.rpm
bind-devel-9.3.6-20.P1.el5_8.5.s390.rpm
bind-devel-9.3.6-20.P1.el5_8.5.s390x.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.s390.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.s390x.rpm
bind-libs-9.3.6-20.P1.el5_8.5.s390.rpm
bind-libs-9.3.6-20.P1.el5_8.5.s390x.rpm
bind-sdb-9.3.6-20.P1.el5_8.5.s390x.rpm
bind-utils-9.3.6-20.P1.el5_8.5.s390x.rpm
caching-nameserver-9.3.6-20.P1.el5_8.5.s390x.rpm
x86_64:
bind-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-chroot-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.i386.rpm
bind-debuginfo-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
bind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libbind-devel-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-libs-9.3.6-20.P1.el5_8.5.i386.rpm
bind-libs-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-sdb-9.3.6-20.P1.el5_8.5.x86_64.rpm
bind-utils-9.3.6-20.P1.el5_8.5.x86_64.rpm
caching-nameserver-9.3.6-20.P1.el5_8.5.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
i386:
bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm
x86_64:
bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
x86_64:
bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
i386:
bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm
ppc64:
bind-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.ppc.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
s390x:
bind-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.s390.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
x86_64:
bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm
ppc64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.ppc.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.ppc64.rpm
s390x:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.s390.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.s390x.rpm
x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
i386:
bind-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.i686.rpm
x86_64:
bind-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-chroot-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-libs-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-utils-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.8.2-0.10.rc1.el6_3.5.src.rpm
i386:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-debuginfo-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.i686.rpm
bind-devel-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
bind-sdb-9.8.2-0.10.rc1.el6_3.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-5166.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2012-5166
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Release Date: 2016-01-28
Last Updated: 2016-01-28
Potential Security Impact: Remote Code Execution, Denial of Service (DoS),
Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with the OpenVMS
TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS. These
vulnerabilities could be exploited remotely resulting in execution of code
with the privileges of Bind, disclosure of information, or cause a Denial of
Service (DoS).
References:
- CVE-2007-0493
- CVE-2007-0494
- CVE-2012-1667
- CVE-2012-5166
- CVE-2012-4244
- CVE-2009-4022
- CVE-2010-0097
- CVE-2008-0122
- PSRT110022
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenVMS TCPIP Services V 5.7 ECO5 BIND
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2007-0493 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2007-0494 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2012-1667 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5
CVE-2012-5166 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2012-4244 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2009-4022 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6
CVE-2010-0097 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-0122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has made the following patch kits available to resolve the
vulnerabilities with the OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC
Services for OpenVMS
| Platform | Patch Kit Name |
|-----------------------|---------------------------------------|
| Alpha OpenVMS V8.4 | DEC-AXPVMS-TCPIP_CVE_PAT-V0507-ECO5-4 |
| ITANIUM OpenVMS V8.4 | HP-I64VMS-TCPIP_CVE_PAT-V0507-ECO5-4 |
**Notes:**
- For CVE-2008-0122, please contact HPE OpenVMS support to request patch
kit TCPIP$IPC_SHR (V5.7-ECO5B) that is now available after the above patch
release.
- Please read the release notes of these kits for more information
including other features that are provided.
HISTORY
Version:1 (rev.1) - 28 January 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
For the stable distribution (squeeze), this problem has been fixed in
version 1:9.7.3.dfsg-1~squeeze8.
============================================================================
Ubuntu Security Notice USN-1601-1
October 10, 2012
bind9 vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.4
Ubuntu 11.10:
bind9 1:9.7.3.dfsg-1ubuntu4.5
Ubuntu 11.04:
bind9 1:9.7.3.dfsg-1ubuntu2.7
Ubuntu 10.04 LTS:
bind9 1:9.7.0.dfsg.P1-1ubuntu0.8
Ubuntu 8.04 LTS:
bind9 1:9.4.2.dfsg.P2-2ubuntu0.12
In general, a standard system update will make all the necessary changes.
Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE)
2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11)
2012-10-11 13:25:09 UTC (RELENG_8, 8.3-STABLE)
2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5)
2012-10-10 19:50:15 UTC (RELENG_9, 9.1-PRERELEASE)
2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5)
2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1)
2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1)
2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1)
CVE Name: CVE-2012-4244, CVE-2012-5166
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
II. Problem Description
The BIND daemon would crash when a query is made on a resource record
with RDATA that exceeds 65535 bytes.
The BIND daemon would lock up when a query is made on specific
combinations of RDATA.
III. Impact
A remote attacker can query a resolving name server to retrieve a record
whose RDATA is known to be larger than 65535 bytes, thereby causing the
resolving server to crash via an assertion failure in named.
An attacker who is in a position to add a record with RDATA larger than
65535 bytes to an authoritative name server can cause that server to
crash by later querying for that record.
IV. Workaround
No workaround is available, but systems not running the BIND name
server are not affected.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, or RELENG_9_0 security branch dated
after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to FreeBSD 7.4,
8.3, and 9.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-12:06/bind.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, or 9.1-RC1 on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
4) Install and run BIND from the Ports Collection after the correction
date. The following versions and newer versions of BIND installed from
the Ports Collection are not affected by this vulnerability:
bind96-9.6.3.1.ESV.R7.4
bind97-9.7.6.4
bind98-9.8.3.4
bind99-9.9.1.4
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Subversion:
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/7/                                                         r243418
releng/7.4/                                                       r243417
stable/8/                                                         r241443
releng/8.3/                                                       r243417
stable/9/                                                         r241415
releng/9.0/                                                       r243417
releng/9.1/                                                       r243417
-------------------------------------------------------------------------
VII