6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.2%
CentOS Errata and Security Advisory CESA-2009:0020
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)
For users of Red Hat Enterprise Linux 3 this update also addresses a bug
which can cause BIND to occasionally exit with an assertion failure.
All BIND users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. After installing the
update, BIND daemon will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-February/077744.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077746.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077748.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077749.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077752.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077754.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077700.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077701.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077714.html
https://lists.centos.org/pipermail/centos-announce/2009-January/077715.html
Affected packages:
bind
bind-chroot
bind-devel
bind-libbind-devel
bind-libs
bind-sdb
bind-utils
caching-nameserver
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0020
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | bind | < 9.3.4-6.0.3.P1.el5_2 | bind-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind-chroot | < 9.3.4-6.0.3.P1.el5_2 | bind-chroot-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind-devel | < 9.3.4-6.0.3.P1.el5_2 | bind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind-libbind-devel | < 9.3.4-6.0.3.P1.el5_2 | bind-libbind-devel-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind-libs | < 9.3.4-6.0.3.P1.el5_2 | bind-libs-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind-sdb | < 9.3.4-6.0.3.P1.el5_2 | bind-sdb-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind-utils | < 9.3.4-6.0.3.P1.el5_2 | bind-utils-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | caching-nameserver | < 9.3.4-6.0.3.P1.el5_2 | caching-nameserver-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind | < 9.3.4-6.0.3.P1.el5_2 | bind-9.3.4-6.0.3.P1.el5_2.i386.rpm |
CentOS | 5 | i386 | bind-chroot | < 9.3.4-6.0.3.P1.el5_2 | bind-chroot-9.3.4-6.0.3.P1.el5_2.i386.rpm |