{"id": "FEDORA:E3C7810F89C", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 10 Update: bind-9.5.1-3.P3.fc10", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "published": "2009-07-30T03:55:44", "modified": "2009-07-30T03:55:44", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2009-0025", "CVE-2009-0696"], "lastseen": "2020-12-21T08:17:49", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0696", "CVE-2009-0025"]}, {"type": "f5", "idList": ["SOL10366", "SOL9754", "F5:K9754"]}, {"type": "centos", "idList": ["CESA-2009:1180", "CESA-2009:1181", "CESA-2009:0020", "CESA-2009:0020-01"]}, {"type": "nessus", "idList": ["SUSE_BIND-5905.NASL", "SL_20090108_BIND_ON_SL3_X.NASL", "FEDORA_2009-0350.NASL", "SUSE_11_1_BIND-090126.NASL", "DEBIAN_DSA-1703.NASL", "FEDORA_2009-0451.NASL", "SUSE_11_0_BIND-090112.NASL", "SUSE9_12328.NASL", "MANDRIVA_MDVSA-2009-002.NASL", "SUSE_BIND-5915.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:63150", "OPENVAS:880845", "OPENVAS:136141256231063178", "OPENVAS:1361412562310122529", "OPENVAS:63274", "OPENVAS:136141256231063210", "OPENVAS:136141256231063274", "OPENVAS:1361412562310880816", "OPENVAS:1361412562310880845", "OPENVAS:136141256231063243"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1703-1:07F1E", "DEBIAN:DSA-1847-1:73C4F"]}, {"type": "suse", "idList": ["SUSE-SA:2009:005"]}, {"type": "redhat", "idList": ["RHSA-2009:0020"]}, {"type": "ubuntu", "idList": ["USN-706-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-0020", "ELSA-2009-1181"]}, {"type": "fedora", "idList": ["FEDORA:0999720847E"]}, {"type": "freebsd", "idList": ["83725C91-7C7E-11DE-9672-00E0815B8DA8"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24280", "SECURITYVULNS:VULN:10109"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}, "vulnersScore": 7.0}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "10", "arch": "any", "packageName": "bind", "packageVersion": "9.5.1", "packageFilename": "UNKNOWN", "operator": "lt"}], "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:39:58", "description": "BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.", "edition": 4, "cvss3": {}, "published": "2009-01-07T17:30:00", "title": "CVE-2009-0025", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0025"], "modified": "2018-10-11T20:58:00", "cpe": ["cpe:/a:isc:bind:9.0.0", "cpe:/a:isc:bind:9.2.7", "cpe:/a:isc:bind:9.2.6", "cpe:/a:isc:bind:9.0", "cpe:/a:isc:bind:9.1.1", "cpe:/a:isc:bind:9.5.1", "cpe:/a:isc:bind:9.4.1", "cpe:/a:isc:bind:9.6.0", "cpe:/a:isc:bind:9.4.2", "cpe:/a:isc:bind:9.1.3", "cpe:/a:isc:bind:9.1", "cpe:/a:isc:bind:9.1.2", "cpe:/a:isc:bind:9.2.5", "cpe:/a:isc:bind:9.2.0", "cpe:/a:isc:bind:9.4.0", "cpe:/a:isc:bind:9.1.0", "cpe:/a:isc:bind:9.5.0", "cpe:/a:isc:bind:9.4", "cpe:/a:isc:bind:9.2.3", "cpe:/a:isc:bind:9.4.3", "cpe:/a:isc:bind:9.0.1", "cpe:/a:isc:bind:9.2.4", "cpe:/a:isc:bind:9.2.2", "cpe:/a:isc:bind:9.2.1"], "id": "CVE-2009-0025", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0025", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:39:59", "description": "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.", "edition": 4, "cvss3": {}, "published": "2009-07-29T17:30:00", "title": "CVE-2009-0696", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0696"], "modified": "2018-10-10T19:30:00", "cpe": ["cpe:/a:isc:bind:9.4.1", "cpe:/a:isc:bind:9.6.0", "cpe:/a:isc:bind:9.4.2", "cpe:/a:isc:bind:9.6.1", "cpe:/a:isc:bind:9.4.0", "cpe:/a:isc:bind:9.6", "cpe:/a:isc:bind:9.5.0", "cpe:/a:isc:bind:9.4", "cpe:/a:isc:bind:9.4.3", "cpe:/a:isc:bind:9.5"], "id": "CVE-2009-0696", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0696", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5_b1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2_w1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a7:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2_w2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:*:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r4:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r3:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.1:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r9:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r4_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a5:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:04", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "edition": 1, "description": "* F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabled to be the master for one or more zones:\n\nA malicious dynamic update packet can crash BIND versions 9.4, 9.5, and 9.6. This issue can occur even when dynamic updating is turned off.\n\nF5 has determined BIG-IP GTM software is vulnerable to the malicious dynamic update message described in CVE-2009-0696. This vulnerability is mitigated by the fact that BIND will immediately restart after the crash. However, an attacker could sustain an outage by continuing to send malicious packets.\n\nInformation about this advisory is available at the following locations: \n \n**Note**: These links take you to resources outside of AskF5, and it is possible that the documents may be removed without our knowledge. \n\n<http://www.kb.cert.org/vuls/id/725188> \n \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696>\n\nF5 Product Development tracked this issue as CR125853 for Enterprise Manager and it was fixed in Enterprise Manager version 2.0.0. For information about upgrading, refer to the Enterprise Manager release notes.\n\nF5 Product Development tracked this issue as CR125853 for BIG-IP LTM, GTM, ASM, PSM, WebAccelerator, and Link Controller, and it was fixed in version 9.4.8 and 10.1.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, WebAccelerator, and Link Controller release notes.\n\nAdditionally, this issue was fixed in Hotfix-BIGIP-9.3.1-74.0-HF7 issued for BIG-IP version 9.3.1, Hotfix-BIGIP-9.4.5-1091.0-HF3 issued for BIG-IP version 9.4.5, Hotfix-BIGIP-9.4.6-423.0-HF2 issued for BIG-IP version 9.4.6, Hotfix-BIGIP-9.4.7-326.0-HF1 issued for BIG-IP version 9.4.7, and Hotfix-BIGIP-10.0.1-342.0-HF1 issued for BIG-IP version 10.0.1. You may download these hotfixes or later versions of the hotfixes from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nFor information about downloading software, refer to SOL167: Downloading software from F5.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\n**Workaround**\n\nYou can work around this issue by implementing the following packet filter workaround to filter and reject dynamic update packets by inspecting the opcode (operation code) of a DNS packet for updates.\n\n**Important**: Applying the packet filter using the following methods will reject all dynamic update packets. If you require dynamic updates, F5 highly recommends that you verify that the source is good/secure and construct packets filters that will allow updates from known good/secure sources and reject all dynamic updates from unknown sources.\n\nYou can implement the dynamic update packet filter using the following two methods:\n\n * Configuring the dynamic update packet filter using the Configuration utility\n * Configuring the dynamic update packet filter using the command line\n\n**Important**: As a result of a known issue with the **libpcap** library, the packet filters configured and applied in the following procedures may fail to load after approximately 15 successful load operations. For more information, refer to SOL10659: The libpcap library runs out of internal registers.\n\n**Configuring the dynamic update packet filter using the Configuration utility**\n\n 1. Log in to the Configuration utility.\n 2. Select** Network** from the left menu.\n 3. Select** General **from the **Packet Filter Menu** bar.\n 4. Select **Enabled** from the drop-down menu for **Packet Filtering**.\n 5. Select the **Filter established connections** option from the **Options **section.\n 6. Click **Update**.\n 7. Select **Rules** from the **Packet Filter Menu** bar.\n 8. Click **Create**.\n 9. Provide a name for the new packet filter. \n \nFor example: \n \ndrop_updates\n 10. Select **Order this filter should be placed on the list**. If you have **multiple packet filter**, place it as close to the beginning of the list as possible.\n 11. Select **Reject** from the **Action **menu.\n 12. Select **Enter Expression Text** from the **Filter Expression Method** option.\n 13. Enter the following syntax into the **Filter Expression box**: \n \ndst port 53 and( ( tcp[((tcp[12]&gt;&gt;2)+4)] &amp; 0x78 = 0x28 ) or ( udp[10] &amp; 0x78 = 0x28 ) )\n 14. Click **Finished**.\n\n**Configuring the dynamic update packet filter using the command line**\n\n 1. Log in to the command line.\n 2. Enable packet filtering by typing the following command: \n \nbigpipe db packetfilter enable\n 3. Enable packet filtering to be applied to already established traffic by typing the following command: \n \nbigpipe db packetfilter.established enable\n 4. Configure the packet filter by typing the following command syntax: \n \nbigpipe packet filter drop_updates { order 10 action reject filter '{ dst port 53 and ( ( tcp[((tcp[12]&gt;&gt;2)+4)] &amp; 0x78 = 0x28 ) or ( udp[10] &amp; 0x78 = 0x28 ) ) }' }\n 5. Save the changes made to the system by typing the following command: \n \nbigpipe save all\n", "modified": "2013-06-28T00:00:00", "published": "2009-07-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html", "id": "SOL10366", "title": "SOL10366 - BIND vulnerability - CVE-2009-0696", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-5077", "CVE-2009-0265", "CVE-2009-0025"], "description": "", "edition": 1, "modified": "2016-01-09T02:06:00", "published": "2009-02-25T03:00:00", "href": "https://support.f5.com/csp/article/K9754", "id": "F5:K9754", "title": "BIND 9 vulnerability CVE-2009-0025", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:04", "bulletinFamily": "software", "cvelist": ["CVE-2008-5077", "CVE-2009-0265", "CVE-2009-0025"], "edition": 1, "description": "BIND does not properly check the return value from the OpenSSL **DSA_verify** function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025> \n \n**Note**: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development tracked this issue as CR114792 and it was fixed in BIG-IP 10.0.1. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, PSM, Link Controller, WebAccelerator, or WAN Optimization release notes.\n\nF5 Product Development is tracking this issue as ID 294064 (Formerly CR114792) for the FirePass controller.\n\nThis is a similar vulnerability to CVE-2008-5077 and CVE-2009-0265. For information about CVE-2008-5077, refer to SOL9762: OpenSSL vulnerability - CVE-2008-5077. For information about CVE-2009-0265, refer to SOL11503: BIND 9 vulnerability CVE-2009-0265.\n", "modified": "2013-03-24T00:00:00", "published": "2009-02-24T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/9000/700/sol9754.html", "id": "SOL9754", "title": "SOL9754 - BIND 9 vulnerability CVE-2009-0025", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:43:20", "description": "This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : bind (ZYPP Patch Number 5905)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_BIND-5905.NASL", "href": "https://www.tenable.com/plugins/nessus/41479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41479);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0025\");\n\n script_name(english:\"SuSE 10 Security Update : bind (ZYPP Patch Number 5905)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0025.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5905.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"bind-libs-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"bind-utils-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"bind-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"bind-chrootenv-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"bind-devel-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"bind-doc-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"bind-libs-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"bind-utils-9.3.4-1.26\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.3.4-1.26\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:01", "description": "A flaw was found in how BIND checked the return value of the OpenSSL\nDSA_do_verify() function. On systems that use DNSSEC, a malicious zone\ncould present a malformed DSA certificate and bypass proper\ncertificate validation, which would allow for spoofing attacks\n(CVE-2009-0025).\n\nThe updated packages have been patched to prevent this issue.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : bind (MDVSA-2009:002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:bind-utils", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:bind-doc", "p-cpe:/a:mandriva:linux:bind", "p-cpe:/a:mandriva:linux:bind-devel"], "id": "MANDRIVA_MDVSA-2009-002.NASL", "href": "https://www.tenable.com/plugins/nessus/37473", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:002. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37473);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0025\");\n script_bugtraq_id(33151);\n script_xref(name:\"MDVSA\", value:\"2009:002\");\n\n script_name(english:\"Mandriva Linux Security Advisory : bind (MDVSA-2009:002)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in how BIND checked the return value of the OpenSSL\nDSA_do_verify() function. On systems that use DNSSEC, a malicious zone\ncould present a malformed DSA certificate and bypass proper\ncertificate validation, which would allow for spoofing attacks\n(CVE-2009-0025).\n\nThe updated packages have been patched to prevent this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"bind-9.4.2-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"bind-devel-9.4.2-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"bind-utils-9.4.2-1.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-9.5.0-3.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-devel-9.5.0-3.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-doc-9.5.0-3.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"bind-utils-9.5.0-3.2mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-9.5.0-6.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-devel-9.5.0-6.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-doc-9.5.0-6.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"bind-utils-9.5.0-6.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:45:14", "description": "It was discovered that BIND, an implementation of the DNS protocol\nsuite, does not properly check the result of an OpenSSL function which\nis used to verify DSA cryptographic signatures. As a result, incorrect\nDNS resource records in zones protected by DNSSEC could be accepted as\ngenuine.", "edition": 26, "published": "2009-01-14T00:00:00", "title": "Debian DSA-1703-1 : bind9 - interpretation conflict", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-01-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:bind9"], "id": "DEBIAN_DSA-1703.NASL", "href": "https://www.tenable.com/plugins/nessus/35366", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1703. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35366);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0025\");\n script_bugtraq_id(33151);\n script_xref(name:\"DSA\", value:\"1703\");\n\n script_name(english:\"Debian DSA-1703-1 : bind9 - interpretation conflict\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that BIND, an implementation of the DNS protocol\nsuite, does not properly check the result of an OpenSSL function which\nis used to verify DSA cryptographic signatures. As a result, incorrect\nDNS resource records in zones protected by DNSSEC could be accepted as\ngenuine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1703\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the BIND packages.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"bind9\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"bind9-doc\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"bind9-host\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"dnsutils\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libbind-dev\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libbind9-0\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdns22\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libisc11\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libisccc0\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libisccfg1\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"liblwres9\", reference:\"9.3.4-2etch4\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"lwresd\", reference:\"9.3.4-2etch4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:43:20", "description": "This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)", "edition": 23, "published": "2009-01-22T00:00:00", "title": "openSUSE 10 Security Update : bind (bind-5915)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-01-22T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind-chrootenv", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-libs", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind"], "id": "SUSE_BIND-5915.NASL", "href": "https://www.tenable.com/plugins/nessus/35445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bind-5915.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35445);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0025\");\n\n script_name(english:\"openSUSE 10 Security Update : bind (bind-5915)\");\n script_summary(english:\"Check for the bind-5915 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"bind-9.4.1.P1-12.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"bind-chrootenv-9.4.1.P1-12.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"bind-devel-9.4.1.P1-12.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"bind-libs-9.4.1.P1-12.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"bind-utils-9.4.1.P1-12.7\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.4.1.P1-12.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:04:14", "description": "This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)", "edition": 23, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : bind (bind-426)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-libs", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind"], "id": "SUSE_11_1_BIND-090126.NASL", "href": "https://www.tenable.com/plugins/nessus/40193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bind-426.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40193);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0025\");\n\n script_name(english:\"openSUSE Security Update : bind (bind-426)\");\n script_summary(english:\"Check for the bind-426 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=464462\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-9.5.0P2-18.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-chrootenv-9.5.0P2-18.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-devel-9.5.0P2-18.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-libs-9.5.0P2-18.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"bind-utils-9.5.0P2-18.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.5.0P2-18.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:06", "description": "A flaw was discovered in the way BIND checked the return value of the\nOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious\nzone could present a malformed DSA certificate and bypass proper\ncertificate validation, allowing spoofing attacks. (CVE-2009-0025)\n\nFor users of Red Hat Enterprise Linux 3 this update also addresses a\nbug which can cause BIND to occasionally exit with an assertion\nfailure.\n\nAfter installing theupdate, BIND daemon will be restarted\nautomatically.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : bind on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090108_BIND_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60517);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0025\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was discovered in the way BIND checked the return value of the\nOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious\nzone could present a malformed DSA certificate and bypass proper\ncertificate validation, allowing spoofing attacks. (CVE-2009-0025)\n\nFor users of Red Hat Enterprise Linux 3 this update also addresses a\nbug which can cause BIND to occasionally exit with an assertion\nfailure.\n\nAfter installing theupdate, BIND daemon will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0901&L=scientific-linux-errata&T=0&P=924\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01f07fd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"bind-9.2.4-23.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"bind-chroot-9.2.4-23.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"bind-devel-9.2.4-23.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"bind-libs-9.2.4-23.el3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"bind-utils-9.2.4-23.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"bind-9.2.4-30.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-chroot-9.2.4-30.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-devel-9.2.4-30.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-libs-9.2.4-30.el4_7.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"bind-utils-9.2.4-30.el4_7.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"bind-9.3.4-6.0.3.P1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-chroot-9.3.4-6.0.3.P1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-devel-9.3.4-6.0.3.P1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-libbind-devel-9.3.4-6.0.3.P1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-libs-9.3.4-6.0.3.P1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-sdb-9.3.4-6.0.3.P1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-utils-9.3.4-6.0.3.P1.el5_2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"caching-nameserver-9.3.4-6.0.3.P1.el5_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T01:26:49", "description": "According to its version number, the remote installation of BIND does\nnot properly check the return value from the OpenSSL library functions\n'EVP_VerifyFinal()' and 'DSA_do_verify()'. A remote attacker may be\nable to exploit this weakness to spoof answers returned from zones for\nsignature checks on DSA and ECDSA keys used with SSL / TLS.", "edition": 28, "published": "2009-05-12T00:00:00", "title": "ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND_SIG_RETURN_CHECKS.NASL", "href": "https://www.tenable.com/plugins/nessus/38735", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38735);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2009-0025\");\n script_bugtraq_id(33151);\n script_xref(name:\"Secunia\", value:\"33404\");\n\n script_name(english:\"ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness\");\n script_summary(english:\"Checks the version of BIND\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote name server is affected by a signature validation weakness.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the remote installation of BIND does\nnot properly check the return value from the OpenSSL library functions\n'EVP_VerifyFinal()' and 'DSA_do_verify()'. A remote attacker may be\nable to exploit this weakness to spoof answers returned from zones for\nsignature checks on DSA and ECDSA keys used with SSL / TLS.\");\n # https://kb.isc.org/article/AA-00925/0/CVE-2009-0025%3A-EVP_VerifyFinal-and-DSA_do_verify-return-checks.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a61b5626\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to BIND 9.3.6-P1 / 9.4.3-P1 / 9.5.1-P1 / 9.6.0-P1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"bind_version.nasl\", \"dnssec_resolver.nasl\");\n script_require_keys(\"bind/version\", \"DNSSEC/udp/53\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# nb: don't bother if the host doesn't support DNSSEC.\nif (isnull(get_kb_item(\"DNSSEC/udp/53\"))) exit(0);\n\n\nver = get_kb_item(\"bind/version\");\nif (\n ver &&\n ver =~ \"^9\\.([0-2]\\.[0-9\\.]+|3\\.([0-5]{1}|6$)|4\\.([0-2]{1}|3$)|5\\.(0{1}|1$)|6\\.0$)\"\n)\n{\n if (report_verbosity > 0)\n {\n report = string(\n \"\\n\",\n \"BIND \", ver, \" appears to be installed on the remote host.\\n\"\n );\n security_warning(port:53, proto:\"udp\", extra:report);\n }\n else security_warning(port:53, proto:\"udp\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:06:49", "description": "Update to 9.5.1-P1 maintenance release which includes fix for\nCVE-2009-0025. This update also fixes rare crash of host utility.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-01-16T00:00:00", "title": "Fedora 9 : bind-9.5.1-1.P1.fc9 (2009-0350)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-01-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bind", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-0350.NASL", "href": "https://www.tenable.com/plugins/nessus/35398", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0350.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35398);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0025\");\n script_bugtraq_id(33151);\n script_xref(name:\"FEDORA\", value:\"2009-0350\");\n\n script_name(english:\"Fedora 9 : bind-9.5.1-1.P1.fc9 (2009-0350)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 9.5.1-P1 maintenance release which includes fix for\nCVE-2009-0025. This update also fixes rare crash of host utility.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=478984\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/018834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b42bfbb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"bind-9.5.1-1.P1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:50", "description": "Update to 9.5.1-P1 maintenance release which fixes CVE-2009-0025. This\nupdate also address following issues :\n\n - sample config file was outdated.\n\n - specifying a fixed query source was broken\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-04-23T00:00:00", "title": "Fedora 10 : bind-9.5.1-1.P1.fc10 (2009-0451)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:bind"], "id": "FEDORA_2009-0451.NASL", "href": "https://www.tenable.com/plugins/nessus/36411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-0451.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36411);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0025\");\n script_xref(name:\"FEDORA\", value:\"2009-0451\");\n\n script_name(english:\"Fedora 10 : bind-9.5.1-1.P1.fc10 (2009-0451)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 9.5.1-P1 maintenance release which fixes CVE-2009-0025. This\nupdate also address following issues :\n\n - sample config file was outdated.\n\n - specifying a fixed query source was broken\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=478984\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-January/018915.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?baef11da\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"bind-9.5.1-1.P1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:03:02", "description": "This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)", "edition": 23, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : bind (bind-426)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind-chrootenv", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-libs", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind"], "id": "SUSE_11_0_BIND-090112.NASL", "href": "https://www.tenable.com/plugins/nessus/39921", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update bind-426.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39921);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0025\");\n\n script_name(english:\"openSUSE Security Update : bind (bind-426)\");\n script_summary(english:\"Check for the bind-426 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update improves the verification of return values of openssl\nfunctions. Prior this update it was possible to spoof answers signed\nwith DSA and NSEC3DSA. (CVE-2009-0025)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=464462\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"bind-9.4.2-39.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"bind-chrootenv-9.4.2-39.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"bind-devel-9.4.2-39.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"bind-libs-9.4.2-39.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"bind-utils-9.4.2-39.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.4.2-39.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "[9.3.4-6.0.3.P1]\n- check DSA_do_verify return value correctly", "edition": 4, "modified": "2009-01-08T00:00:00", "published": "2009-01-08T00:00:00", "id": "ELSA-2009-0020", "href": "http://linux.oracle.com/errata/ELSA-2009-0020.html", "title": "bind security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "[20:9.2.4-30.4]\n- security fix for remote DoS (CVE-2009-0696, #514292)\n[20:9.2.4-30.3]\n- fix potential deadlock on socket's control FDs (#512668) ", "edition": 4, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "ELSA-2009-1180", "href": "http://linux.oracle.com/errata/ELSA-2009-1180.html", "title": "bind security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "[20:9.2.4-25.el3]\n- security fix for remote DoS (CVE-2009-0696, #514292)\n[20:9.2.4-24.el3]\n- abort timeout queries to reduce the number of open UDP sockets (#498164)\n- handle EMFILE error from accept() gracefully (#498164)", "edition": 4, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "ELSA-2009-1181", "href": "http://linux.oracle.com/errata/ELSA-2009-1181.html", "title": "bind security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:02", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols.\n\nA flaw was discovered in the way BIND checked the return value of the\nOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\ncould present a malformed DSA certificate and bypass proper certificate\nvalidation, allowing spoofing attacks. (CVE-2009-0025)\n\nFor users of Red Hat Enterprise Linux 3 this update also addresses a bug\nwhich can cause BIND to occasionally exit with an assertion failure.\n\nAll BIND users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, BIND daemon will be restarted automatically.", "modified": "2019-03-22T23:42:27", "published": "2009-01-08T05:00:00", "id": "RHSA-2009:0020", "href": "https://access.redhat.com/errata/RHSA-2009:0020", "type": "redhat", "title": "(RHSA-2009:0020) Moderate: bind security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:44", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0020-01\n\n\nBIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols.\n\nA flaw was discovered in the way BIND checked the return value of the\nOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\ncould present a malformed DSA certificate and bypass proper certificate\nvalidation, allowing spoofing attacks. (CVE-2009-0025)\n\nFor users of Red Hat Enterprise Linux 3 this update also addresses a bug\nwhich can cause BIND to occasionally exit with an assertion failure.\n\nAll BIND users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, BIND daemon will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027613.html\n\n**Affected packages:**\nbind\nbind-devel\nbind-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "modified": "2009-02-02T23:32:53", "published": "2009-02-02T23:32:53", "href": "http://lists.centos.org/pipermail/centos-announce/2009-February/027613.html", "id": "CESA-2009:0020-01", "title": "bind security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-17T03:28:25", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "**CentOS Errata and Security Advisory** CESA-2009:0020\n\n\nBIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols.\n\nA flaw was discovered in the way BIND checked the return value of the\nOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\ncould present a malformed DSA certificate and bypass proper certificate\nvalidation, allowing spoofing attacks. (CVE-2009-0025)\n\nFor users of Red Hat Enterprise Linux 3 this update also addresses a bug\nwhich can cause BIND to occasionally exit with an assertion failure.\n\nAll BIND users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, BIND daemon will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027620.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027622.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027624.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027625.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027628.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-February/027630.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027576.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027577.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027590.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-January/027591.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-sdb\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0020.html", "edition": 6, "modified": "2009-02-04T18:12:24", "published": "2009-01-09T23:08:18", "href": "http://lists.centos.org/pipermail/centos-announce/2009-January/027576.html", "id": "CESA-2009:0020", "title": "bind, caching security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:26:16", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1181\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nThis update also fixes the following bug:\n\n* the following message could have been logged: \"internal_accept: fcntl()\nfailed: Too many open files\". With these updated packages, timeout queries\nare aborted in order to reduce the number of open UDP sockets, and when the\naccept() function returns an EMFILE error value, that situation is now\nhandled gracefully, thus resolving the issue. (BZ#498164)\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028092.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028093.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1181.html", "edition": 3, "modified": "2009-07-29T20:55:33", "published": "2009-07-29T20:55:11", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028092.html", "id": "CESA-2009:1181", "title": "bind security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:25:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "It was discovered that Bind did not properly perform signature verification. \nWhen DNSSEC with DSA signatures are in use, a remote attacker could exploit \nthis to bypass signature validation to spoof DNS entries and poison DNS \ncaches. Among other things, this could lead to misdirected email and web \ntraffic.", "edition": 5, "modified": "2009-01-09T00:00:00", "published": "2009-01-09T00:00:00", "id": "USN-706-1", "href": "https://ubuntu.com/security/notices/USN-706-1", "title": "Bind vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-08T23:36:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "Micha Krause discovered that Bind did not correctly validate certain \ndynamic DNS update packets. An unauthenticated remote attacker could \nsend specially crafted traffic to crash the DNS server, leading to a \ndenial of service.", "edition": 5, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "USN-808-1", "href": "https://ubuntu.com/security/notices/USN-808-1", "title": "Bind vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "modified": "2009-01-15T02:59:44", "published": "2009-01-15T02:59:44", "id": "FEDORA:0999720847E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: bind-9.5.1-1.P1.fc10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:21:45", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "The DNS daemon bind is used to resolve and lookup addresses on the inter- net. Some month ago a vulnerability in the DNS protocol and its numbers was published that allowed easy spoofing of DNS entries. The only way to pro- tect against spoofing is to use DNSSEC. Unfortunately the bind code that verifys the certification chain of a DNS- SEC zone transfer does not properly check the return value of function DSA_do_verify(). This allows the spoofing of records signed with DSA or NSEC3DSA.\n#### Solution\nnone", "edition": 1, "modified": "2009-01-22T12:03:42", "published": "2009-01-22T12:03:42", "id": "SUSE-SA:2009:005", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00007.html", "title": "information disclosure in bind", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:11:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0025"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1703-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 12, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : bind9\nVulnerability : interpretation conflict\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-0025\n\nIt was discovered that BIND, an implementation of the DNS protocol\nsuite, does not properly check the result of an OpenSSL function which\nis used to verify DSA cryptographic signatures. As a result,\nincorrect DNS resource records in zones protected by DNSSEC could be\naccepted as genuine.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch4.\n\nFor the unstable distribution (sid) and the testing distribution\n(lenny), this problem will be fixed soon.\n\nWe recommend that you upgrade your BIND packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4.dsc\n Size/MD5 checksum: 1197 aa679c6e3106b422fa8de952556cc98e\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4.diff.gz\n Size/MD5 checksum: 302859 12d089f391d6ac1a60e2a7b7b8c49f42\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz\n Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch4_all.deb\n Size/MD5 checksum: 187564 d3609a90363331288018fcdbba29a047\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 226154 9adec25147fa3f2c85cef36c75148335\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 96576 8ca632cac9163decf3c3dd24a373cc1b\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 112678 273ba2508722416d3a7090153922c01e\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 98226 eef74b1024e184fcea8a09f3800cf544\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 190164 7eac73aae4fabfcfec8e9ecdcde45ff5\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 322348 a5a5ea6ddbfaab6c8aeaf247d1c95874\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 116594 61d56b68f75ef2693169176efa07512e\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 564948 2827fe2266733bd0439ec8a22f167f25\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 115860 0bb76803abf4d4799c7d2a64cd0af449\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 1407512 95c550a74d02dbe81886f33499e249cc\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_alpha.deb\n Size/MD5 checksum: 188806 420104ba72fe220ae0e7eff269fc086d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 317636 d5841784354f118901f08f48a0e886e8\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 96156 ce4d2168a261c296f6b60dc2c52a0ac0\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 224438 460704b96b0b279f5f54346a02356f18\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 190758 21f6b7f6dca59161cf1ba423b97a013e\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 552562 4cdcf10ca2572737e63c6269e4d7ef6b\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 117040 24dd657bb0b671a48fb1498948fdca41\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 114878 02b9e3b075f638e91b92248e40f46cea\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 1107812 587e9613589665f4ccecac2d1bb7c4e7\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 187666 e359081c8f81d6380655bc563a844803\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 96942 07f2b24d6f2815bb4fcad64a206d21b2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_amd64.deb\n Size/MD5 checksum: 111304 f85b9997f97e24dd1c972a6c25d3713f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 95824 cd0dbfd76dc1a9a7ae66c3d17dd2c076\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 187430 4d066c4c8fda96616654f0e5c5f269d4\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 532276 f15132b68c23e3a2b7bcbb1d0c7e9e1c\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 116148 821abd04e8459db5bd026dce7c5007c8\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 112778 b0737de9602f9844b17f8c79c0c7bee9\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 107920 93094487c134673000797d03326bcfbb\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 183016 668007a69bc0bcb174fb3af007a06a2d\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 217782 fe30c568a6f694e31f323c5a7c65a489\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 311142 a5ad717d9c53e22fc559e2b846af6761\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 95240 bec7ba6d11e71d4a5203ffd8775ce61b\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_arm.deb\n Size/MD5 checksum: 1074544 a8d33e799364caf2a1a6119ba980fb5c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 96486 780b5f6edcb2594c074faaacac84a506\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 217580 f4eb031a7c5a6c4454d84cd784c218aa\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 188274 b8428b8e5c42e5f809d9180196435023\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 115708 144ebf381de71a09bca8bd0dd0899969\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 1258938 60e891b0432a731536a921964a5ba3e7\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 185524 291fd0feff440c39dcdfa77b19fb70dd\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 314068 441b640e2d300524bf352d613833afdf\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 543334 89560b776cd247e6dfbc37b5a8ad541d\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 114236 452ab3e612e68e21df601d3a1f3016bc\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 96668 749a3664788afdf253d40123630c913d\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_hppa.deb\n Size/MD5 checksum: 113042 c77ab83bf8b702a0f221299f63f84275\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 110234 cb2d13c313d5061d6af864325b9b7d0d\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 95040 b8d8c02291c6fa58cfc6405902c39ba0\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 206548 05f6acbfc0982ed87a378e35f3ad8be9\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 472778 22d8b1ea77e191686c5affab4c869240\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 296242 86357a0f5353674fb5b73ddf97d8a242\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 170214 163fdc7612a950d7a32b0992af767b23\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 995236 a747c1d27a79515936517d301a534e07\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 180794 4bc0c43e3454131453454d08d6029de4\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 95042 7656f21f85e5489d595a5fc43627199b\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 106106 6b5985e30d0536eb56dfd5b31b479b58\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_i386.deb\n Size/MD5 checksum: 113194 3ae945c6b46bda56b407e81bf285fad6\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 117816 c06945e1506470a93158549c6e94ec80\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 102474 4cd35b5a1cfb24b1fb156441fae565e9\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 1584324 7e7b49e71bde1abc7fec8a6845b4e376\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 216428 682aa4769f46a7dfb2b2bdaf7ec53dde\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 127650 7206fa330fc8b115a95f8a20073b2683\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 232106 e8a5ae82b88f1288ee91fb6879a38035\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 393396 f6d1ec1bdd9b7d3bf0543c1f72184c5e\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 100022 b080abf8bcf2f7d33944c0f5ab07d5db\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 740278 684ee73762dc6a569e0ad5458cb39a63\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 280944 434b3f2bf7b6eac8c8eadbc9ff71b88a\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_ia64.deb\n Size/MD5 checksum: 125878 78c533671d65799444a6abeecb066102\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 95048 1a1adcb72a4a988eb862dbfa70a05993\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 94272 494f78dca4285c9784f92779d08516a0\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 180574 d4bace2add3362896bdb17e794642d80\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 211456 a317473e059e7670b6bb603a1fb532b2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 107968 9d86c2744569db8b9110c37be4de8aba\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 110378 ab471c9ce1bb5a666413d00253c84c71\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 491896 984d83789bb28f65d78130b5ffe58783\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 1229560 6bae9ceb7a1a604f3a45c6df905fb2c8\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 301540 084df4d5378ecb47eee2715a709005ef\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 174080 29e62329993fe21bd2d412b659a3c220\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_mips.deb\n Size/MD5 checksum: 113348 c697f17d93aa609ef448edf740ca132a\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 94150 0177400160d90cc2d662ca3a6688178e\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 179698 310f99bbfb09db4f5ea5dff07b66bb63\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 107218 c6b342a831948a7bf7801d46d38290c4\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 113072 a27b2fe4ed7a345d258313ddc4f8346f\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 110300 fb55450e28a08d2010b6e93e17b895ae\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 94980 fb919221192449e70239f8991f01636b\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 488288 8a089d802fd33105a3699e81480439c9\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 210968 e5c3f788c66086cf7dcd26215a17a0f8\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 1205504 260e40c7c015eca2a29612c725d8dd35\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 174202 765ab3865c5a811dac4ac157e358a318\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_mipsel.deb\n Size/MD5 checksum: 299586 5f5e170a809055667994b7b76b0745a1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 301350 a20ea0a911818a574701d68e29f3a2d1\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 183376 c550243d0a3b401d2970a3973f656120\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 96210 4116f47d69a3f83ce9022b306b1e6826\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 96250 112e99a3eead25467bbb19895cc1eb3a\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 173642 27ea1f6607f69941e718884d7b90b626\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 109316 2158dc4b86fcc4b841776df478bafe2d\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 206910 0f1968d555573c2fd230ffb92109e729\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 488474 8fc4aa4a58958441f5cda10c83a24e05\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 1167916 45c319145305d976c147af786f10f65a\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 113906 a908806289ae42f4947557f82952d1c6\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_powerpc.deb\n Size/MD5 checksum: 112320 3bf75de9190d5c0012510fffacd4d980\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 114300 d5ab339f6f1505b6efe1caab0f91b4b0\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 95710 23cc9069086681ec048ab64d04150b78\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 196642 a135997ee33f30d6a9656563cf398ce1\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 331958 3c560c643e1a60548ef5c4f567b3bbf6\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 194782 bd4744eff4c131183da5c32fa9197b81\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 118206 ddd094acc29a60f0ad39deb9ffcc3b53\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 579538 6b6bb21b3ba7fcc3d0a96fb29e32b24e\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 1137454 2b639e2c0c5e2bed36db838611141876\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 116708 bab63e3ca69977baa87b07181ca5d1a4\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 97832 5e3591957078a61702b71fdb2e24fdfc\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_s390.deb\n Size/MD5 checksum: 234026 dcf706e32b50ab97068af14126bb65bd\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 183878 eee08db142d1871d4b692dbbcd15999a\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 111224 261734b90a58046ad8ccd7ecf45629c3\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 114294 b9d3bc689a758181f7a6068db8970fe5\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 1122546 27f759bbc75c0da9c82cb26769d122c2\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 175962 9a2373e0bb287efc7eb53697b91de147\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 107672 348e2faed12a7a66d00c3d3eed509605\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 210612 0f479f72667f152c97491331fd3a7ed8\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 494486 69c393bf175654857ec2151d4ee47a4e\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 95434 34974e2951421e842ea394dbba268bb2\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 95384 429ec6ce3ab7f33b25e008277b542a03\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_sparc.deb\n Size/MD5 checksum: 300876 a0a9ae53e63e2dbb54b6db43dfbb1c72\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 11, "modified": "2009-01-12T21:27:34", "published": "2009-01-12T21:27:34", "id": "DEBIAN:DSA-1703-1:07F1E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00010.html", "title": "[SECURITY] [DSA 1703-1] New bind9 packages fix cryptographic weakness", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:30:57", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1847-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJuly 29, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : bind9\nVulnerability : improper assert\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-0696\nCERT advisory : VU#725188\nDebian Bug : 538975\n\nIt was discovered that the BIND DNS server terminates when processing a\nspecially crafted dynamic DNS update. This vulnerability affects all\nBIND servers which serve at least one DNS zone authoritatively, as a\nmaster, even if dynamic updates are not enabled. The default Debian\nconfiguration for resolvers includes several authoritative zones, too,\nso resolvers are also affected by this issue unless these zones have\nbeen removed.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch5.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 9.5.1.dfsg.P3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:9.6.1.dfsg.P1-1.\n\nWe recommend that you upgrade your bind9 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5.diff.gz\n Size/MD5 checksum: 302807 d58923a064b84f21ed5c10e2ffc44bfc\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5.dsc\n Size/MD5 checksum: 1197 d1a95e7520896c321241e2f3350c9a19\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz\n Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch5_all.deb\n Size/MD5 checksum: 187662 8291dca5aca59a2b86417247e19e7e14\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 97070 c40d4f4c024e0a8f7ef63700b48fe6f1\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 552696 808b613129afc50911014242adb41724\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 96290 3c47488088bffe8efe2445619b21de94\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 117160 70d1df4da01977d952258afc695c5fb2\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 187822 d8263b75b2750324e18d3539aa002415\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 115010 7788e7bd6b8ab327dd6d7a4678065ad2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 111440 86e9406ec8bac96ac2c8760b410bd91d\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 224570 8611e1920610ba9f2d6b08255ab43a34\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 317734 d92e1b3fa83f554592b621626a287e5d\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 1107958 fc3739b06eefc491780b4a78b29675d5\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_amd64.deb\n Size/MD5 checksum: 190916 7095039b2eb4335d878e669bfa56eeb1\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 1260850 894b1ec4f8b66d8c04c17526bd580600\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 188420 96aa3636a3d7075d75f8a257166b9a5c\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 113176 5a7408d6151b5752e834620dd703dcce\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 217598 0c845420b5d4968f3364b96e6684f45f\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 114376 12f36f415d4c71e5bd77abb6fb49602a\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 313948 4efc5d183d8ccb654fbe01454d26f2e6\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 96792 55d55ed2b215fd55752508ea3cfe9f02\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 115866 1a0e6b9a6a4b8e38b6e2601039f09897\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 185656 4559ec9ad0aaa3b4b18383e6ca6e5b0f\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 96610 c16a367a3a241c4b7e47f402b56ca018\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_hppa.deb\n Size/MD5 checksum: 543438 fcb50e06d47d355110350eaf096de50a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 170374 b7d3e4a9defb5da1a54efb460bebf1b3\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 995354 523bfb562b342c75ede6aa795b8ce600\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 113324 4b20b6e1d884ef6cf3863049a3f37e20\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 95194 909245ba71a5deb01e4f782a87ad637b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 180980 8a72240a3a2dbb85d5f82321aa55c9bc\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 106244 8cf5350de4ee1212112d9a5e1a823cd0\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 110374 ee069c2941489f9e8c98932c1a774fd3\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 206676 82e507651029444eccc3674a0982e700\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 95182 9bb5fd8a1f39b4fa3ac9575e3d6f0afb\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 296374 614f276b0d2b011455854fed70247796\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_i386.deb\n Size/MD5 checksum: 472916 af8ea52d6a6dc8df48d6a7ccdd0b5eb6\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 216588 2b5fa1ddfa589a69991e44e140166d7a\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 393582 a5d4b0d4d618ee7dd4e1e3cdd49e34ad\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 1584492 3048c04d777a7164fccf3abb1665b9c2\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 126016 5208c4237e14bbe5427afb879037b50f\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 232240 aef693bd7a485bb0741f1375d032854b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 127792 a258d0495696498c1c14f880f8937a72\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 102614 34c98500ab1599c44f850b0b98f30189\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 281128 4907fdb45525d18b43c155365699edc0\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 740444 15caae237add4c86cb8de31c921af2c5\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 100160 392cddad06d1b2ee8a714f59bb8393ca\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_ia64.deb\n Size/MD5 checksum: 117966 1702f986e2b0aa39094fcff4daf71a86\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 180712 5bc856c76fdfc72101ee04ef5cd71be3\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 1229564 c073b518c837d5ebbaeb54d4118ac5ad\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 108086 9675ff86b40c3d9464eb412912cf2aa4\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 174222 3693b1e26f3dba15a46afd2d81572a24\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 301718 10b85a330b2c43f5938b21a0a7be56bc\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 113484 c8c53918101772fd0ddb3b62e29fd1c1\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 94392 bb9973a7c301db7ac41a07ace6b73d88\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 95162 a4fe9cc17f38939093968bb44e1813ad\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 110504 2f91fde79bd1e6183ddcd29c3dcf74d2\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 211592 911f400f3b87b0731d2d1ab30a97153d\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_mips.deb\n Size/MD5 checksum: 492000 473f26759ba80e221eb860b9dcad2895\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 1205608 7fe9cdeda499c947dce6679b96244df2\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 488404 4b60ce340544aa563ee855a513ae698a\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 179834 7267ad81f04e2631d45661389208c25a\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 174342 77a1a09ae59c1fccfc5315db9ad93b38\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 95120 caef296539e140883172524fe1b9eec5\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 107346 3533e43159d5ef81eb80be3f9ddce9d9\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 299696 01f0a0d9f5c6003e42d5a18ee9edf5da\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 211088 d2d570f35ee281f458239c51114210f3\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 110424 7300faf402c425ded6bfe910f93d99e0\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 113224 8f1182a452d6e6ce8e91701a05e74bb6\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_mipsel.deb\n Size/MD5 checksum: 94280 1b461b4a56ffb07cf9c97f73577ea13c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 1168122 69a98c1b78ba7be7afd7382c1897ea69\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 183650 be3bc88c02011bfe9d18e0ecc2437fc5\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 488536 f1ce2ef0956643fa9685a75da1322765\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 206230 2e2c87b29a17a04a5ca4aaee42e64ef7\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 112390 05a0d83b39a1df51ba10475e6381e11a\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 113834 537f39d15dd68ecebcbb301f3af6933a\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 96264 cb2b186b970a374f003e69a051987ee0\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 303250 f65257ae4f2ad5031589d406dc6e37b1\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 109386 e2ffa239375871cd57f2b7a756f234c3\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 96312 6c19ac64f71a4697965f553a342e341a\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_powerpc.deb\n Size/MD5 checksum: 173704 5ab96f0f65522e5c5d7515e0fd594a80\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 493776 65e8efda6edc323cd0016f1283431023\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 210874 6eb1d8e0bcf4ae34644945811aa8d975\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 95012 78a2e7807de54d4e92dd867b996c2756\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 114488 01817b79cda4d1cc9291b5fc14ee87db\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 111330 8fb0e99191cfc5953a3f914d6280414d\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 300350 f0f1171a17e3c7b6f639c53a2bbf63cc\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 107762 55b3e9e830c779fe76c047b9aa59cc27\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 175410 cfecadab15451e366618cbda28d218ee\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 95010 073110449f1b76ced612835136d59a50\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 184272 f00c69a1a50d3e0f47d045427bd6dccb\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_sparc.deb\n Size/MD5 checksum: 1121904 61952ec2b2515b8c02fb045d59cb9e73\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz\n Size/MD5 checksum: 5221004 dc87f5d14403bee19b0c1d04b4de9252\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1.dsc\n Size/MD5 checksum: 1049 8e109829ee1dd553cf4799cd9af7ef2f\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1.diff.gz\n Size/MD5 checksum: 224291 c878e3c0edb31dca8e74b42a0fa06efc\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb\n Size/MD5 checksum: 264860 bc456e91b46eab565438222f0b6e97d2\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 170112 4f93acca6dd5ca447e00da53c4c8387f\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 257008 014ce4cef9a0ecd3775b79170c3e7df3\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 32428 7fc08b3daa59a0023b7cedcaf8ec2203\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 152262 f855f9d1465d22ef1cec197bacdbdf1e\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 50906 978ab4c3a9a3cc0ea851c5ba117a5461\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 29608 ebdff030cf84bec066a0a5aebea8dd3a\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 103838 8295357195da254901d61276bb9a7c6d\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 63114 a19b257d389a0a84f963bf316946cfbe\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 611884 aaef860fde98f6a525a16d789b37216b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 49582 dd5d24b0acd7192ce656ea175cfff8f2\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 213824 fca07baffb898b93a4460a8ce5596b16\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_alpha.deb\n Size/MD5 checksum: 1625476 e3ddc9fb079cee05097214b3057f1029\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 212176 ab42f6daa6d079035ef6a16eb644dabf\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 154944 684dcaa493c32e3596b3685c26f173aa\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 255048 f3fd746ba24e74230cba606b0a5f61ea\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 97132 df3664fb075f561d9b519a5517154b14\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 601910 358d0cdea486df897666661d78b7a8e5\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 163698 9e7a5a67b9c681e836bd0bfa0b779004\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 64394 410430ff014240042b527bfe607621c1\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 50634 6315afa492be63b377fe44126ae82b1b\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 28820 d94a961e42289f1b1978f2b66add6dec\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 31816 82679c58157e3aead368abb56dd39aa3\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 1332918 5d086997e4b13abb6bea5ad3c1920f08\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_amd64.deb\n Size/MD5 checksum: 48110 e193057861c47e3fad50884ffd8a5d5c\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 153356 7da228fed9a23e646aab45fcfc32f110\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 151402 8513c2b9cba6c2b8e1f96817242df060\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 204822 8c2e4a16fd0d92d57370303d60930c7f\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 63498 74a46c66387d7a5197ccfb361c27b424\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 247792 97478f5b11e168358a9dcacf8ae85b64\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 31034 9ed01f4ab47318d8487b627353497696\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 93520 d578e9a3247f4ce4c581138156da5ed3\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 26502 ef613f2d916c6411df1ab8556df82163\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 42648 89d93cebd00a1e649d7cd3d71583d03a\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 559200 7206682d171fef33b8d40cb645cbcf0b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 42494 f4a84c825341bf034ef36b96a2993020\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_armel.deb\n Size/MD5 checksum: 1170570 1827326c2b1e1c6bfd745069885fd799\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 47088 eed022f2660d8a53acc188f9941d4512\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 261600 2bb12fbaf1dd9bbe88a4f194a118de2d\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 34152 b9681888cacb25d47cf02d2f6bd61ee0\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 218982 3dc67baeb3790b34dc90cebdab4749ac\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 165968 f6789216991c9a1b673a8ba8032ab2c1\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 618966 edf48b74ab4ee741a4b57e5ebaac5426\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 65186 f26719ac44dc300f426f2851d3df8cef\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 28708 c809cd04bf3c16860a825557efa4ae3a\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 50878 14f6f5ad23dd30dec2fa0109c9b57940\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 156604 cf5ff182872fa3929796637ccafad8ee\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 101180 1084563c72b32aa4c3fd28e39c4c9331\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_hppa.deb\n Size/MD5 checksum: 1446422 773c9efe2521881f6021026c1249aa57\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 1263682 91c4b4f2a24aae64cf6ab504074c6cf4\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 242304 3d6da858df0b9ec362cfbdfddda41606\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 27020 328fcd7a9f2e102dc24f2c059129f2aa\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 45310 2d0dcd0aa04dfbd28b5f5faf26ec5e4b\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 44354 322ec576af6559a2f4242368cd6161a0\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 199388 d71779a3ea70009eee00a0b5089c331f\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 32348 3877c0a75d4a51c95205caefb89ff5bf\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 149892 1ef7412ece675170d16720e7bafbb89e\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 548164 16c6f4937ee87ef3f8a45d4da702b198\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 144226 4bc1457543e3808f32a2349d1886fa25\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 60922 e6ce9b75b33ba64f515ddfbff6a63b89\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_i386.deb\n Size/MD5 checksum: 92888 68b2b2ce4fccaca1d94cdc9398221795\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 60024 ee3649d8afa1cdf9871e457479994a19\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 200304 14c08a76d6bea5db15f6d406f1a8035b\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 126162 28f947c3c336e35c3ea92a028fd8520a\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 231082 738a405bf2d8a6c0e31fa13eb14dbedb\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 856476 b4bd3011e55a33a27aab17808965cbfc\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 37162 530f4d128c8fe49eb1a69a9b1b25de02\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 1862294 06514180b6ce7f36fc6c75220a746860\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 57416 c10914f2ce9d2fdadd76fdacb3e51e34\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 286454 e52e854e1164bc98ac70adfbdaa35b6b\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 33656 122abc5aa28c46469e03f9f4014214b2\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 328946 a4ff895501c7920c0dacfeb6c76c4584\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_ia64.deb\n Size/MD5 checksum: 81964 5212a8a5cf1875abeda40af5635924b9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 44198 a9154ac066774406cb1057a79f9ff0e7\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 1407996 6d41e52863892554c33856d4f6d26039\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 142800 e7306f02b48132f2b4cb915d5aa71268\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 197718 e0432cc6af52e952c1bfaafd4de3e88b\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 26922 4c5c1f1c7ec12d1823fc6c5c936a738c\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 527510 8eafffe6d5439e68ff0ac87178a5ee3b\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 146786 0492e8d973d51e06a2290b62a1cb0cda\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 60132 0f44616374b1ca227481ff1b67de0089\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 42238 8224216a87ae83d960149ad99b5e82f4\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 30360 42978ac424bc7e8f95ead983f85be42d\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 239974 6961c135b77a51cd1647d569a01c5faa\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_mips.deb\n Size/MD5 checksum: 92650 9389303535690e80d61a7f5c778584e6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 1396662 b098e782b36d52016e34b60fd567c2b8\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 142508 63f3fa09a187ab2d00c40d8f05350bd5\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 30288 ac952744e0c289967ebab7ef050cacaa\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 238914 448d88eb5bdcfef5afc228d61b2d8e81\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 42314 aaeeedb064b0bd2dfb93d2d0388a9eca\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 148052 39dd77b2b11f7c45a37c812b99cd51b6\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 526440 426d663a1072d7883190a695d6ccbd79\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 59988 99632c1a5a79f01ea8ec6b6190d39943\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 196422 35c80d067d88b401f6fb2cf8531615a2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 43174 23abb83d07edb421d79ab4806c2815a9\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 27008 895dd116b09ec3655cc056a635f748af\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_mipsel.deb\n Size/MD5 checksum: 92226 b6e50a34930031804c9499b6a435e050\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 256908 55fa16432472a850feba19f4c77d4267\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 1231990 9f43eb76fbf81570b1f3e2bcde84c9e3\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 213784 298331ac0d2b2f62776f2b0adcb9587b\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 34556 c24f3df80d23da3fd32002203dd5c99b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 157988 91baf8ee51797fc5f713aa704933a7ce\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 114976 213e59dabec221b8e2222233ed323c9d\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 48878 0d40842dab046d93b23e94eb54a6a2b3\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 30276 690ccba365749bf7a496a7a4002e4baa\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 65154 bf6593638cb905e5d7a7cc27f1c61af5\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 584234 1e08d95df5bc8803c8d1e6f7563920b6\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 48630 8b691a37c63da33331ac1954c322187f\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_powerpc.deb\n Size/MD5 checksum: 162362 1120ba40fc7c45e5e28ca85314401fa2\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 1326896 942e87deb18e0c74bf01e8fcb3b1a30d\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 32550 b497be5bca1a73b241df873ff84318ec\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 99842 05f2dd008dfacc5db9fc927ac961ef46\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 223298 c8fd7ed3b53e869dc73893a0a9352afa\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 164268 778ed887c80b1012704c4ae5492bd299\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 167280 0bb6186a2e8ed7f342f0755231c78168\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 593832 fe5b9713cc8644ac2b85da01ad0f53b0\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 28936 b9686cee7c6fd3e8886a6c464bf1b07a\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 50588 27791f42c9a8fe4478f72188b401ad59\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 266352 1a0ea76ae8a4325cc385b728537018bd\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 69220 ef234ae1adfeb99182a9bb5b75aa642c\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_s390.deb\n Size/MD5 checksum: 46642 76053697cd735c3a16942379843ce4b3\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 63838 b8ad39a7c210c1dedaf342d27cfbf09b\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 31186 ca1f01c6aeeb2c955090da2d322353dc\n http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 26386 f10103951165623cfd3bdffc1a62d541\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 44264 6d397e7ce8eee135e12eaade598c4636\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 207898 9d0f81bbd6c23e78fe01638ca8baad05\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 152124 84f90736075522f11d915b5ec3c5854f\n http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 96126 c73d67340b279a116e8a73cc33cc06de\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 1339762 fa0d5e0745643dd94478803967e168e4\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 250788 28f36259000669f0938d3cd157514a1c\n http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 541328 cddd85c4601f9c2ceb58082c7630c2e5\n http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 148974 5e2e1e75352e36502c53f299538ea0c0\n http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_sparc.deb\n Size/MD5 checksum: 42758 55de10b65dd6fa4546c68850fe7512f7\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 9, "modified": "2009-07-29T07:21:48", "published": "2009-07-29T07:21:48", "id": "DEBIAN:DSA-1847-1:73C4F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00162.html", "title": "[SECURITY] [DSA 1847-1] New bind9 packages fix denial of service", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:56:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing an update to bind\nannounced via advisory FEDORA-2009-0451.", "modified": "2017-07-10T00:00:00", "published": "2009-01-20T00:00:00", "id": "OPENVAS:63210", "href": "http://plugins.openvas.org/nasl.php?oid=63210", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-0451 (bind)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_0451.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-0451 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to 9.5.1-P1 maintenance release which fixes CVE-2009-0025. This update\nalso address following issues: - sample config file was outdated - specifying\na fixed query source was broken\n\nChangeLog:\n\n* Thu Jan 8 2009 Adam Tkac 32:9.5.1-1.P1\n- 9.5.1-P1 release (CVE-2009-0025)\n- patches merged\n- bind-95-sdlz-include.patch\n- bind-96-rh475120.patch\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update bind' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0451\";\ntag_summary = \"The remote host is missing an update to bind\nannounced via advisory FEDORA-2009-0451.\";\n\n\n\nif(description)\n{\n script_id(63210);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-0451 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=478984\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.1~1.P1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.5.1~1.P1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.1~1.P1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.5.1~1.P1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.5.1~1.P1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.1~1.P1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.5.1~1.P1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 1703-1.", "modified": "2017-07-07T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:63150", "href": "http://plugins.openvas.org/nasl.php?oid=63150", "type": "openvas", "title": "Debian Security Advisory DSA 1703-1 (bind9)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1703_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1703-1 (bind9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that BIND, an implementation of the DNS protocol\nsuite, does not properly check the result of an OpenSSL function which\nis used to verify DSA cryptographic signatures. As a result,\nincorrect DNS resource records in zones protected by DNSSEC could be\naccepted as genuine.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch4.\n\nFor the unstable distribution (sid) and the testing distribution\n(lenny), this problem will be fixed soon.\n\nWe recommend that you upgrade your BIND packages.\";\ntag_summary = \"The remote host is missing an update to bind9\nannounced via advisory DSA 1703-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201703-1\";\n\n\nif(description)\n{\n script_id(63150);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1703-1 (bind9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns22\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880845", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880845", "type": "openvas", "title": "CentOS Update for bind CESA-2009:0020 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2009:0020 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-January/015538.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880845\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0020\");\n script_cve_id(\"CVE-2009-0025\");\n script_name(\"CentOS Update for bind CESA-2009:0020 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"bind on CentOS 5\");\n script_tag(name:\"insight\", value:\"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n (Domain Name System) protocols.\n\n A flaw was discovered in the way BIND checked the return value of the\n OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\n could present a malformed DSA certificate and bypass proper certificate\n validation, allowing spoofing attacks. (CVE-2009-0025)\n\n For users of Red Hat Enterprise Linux 3 this update also addresses a bug\n which can cause BIND to occasionally exit with an assertion failure.\n\n All BIND users are advised to upgrade to the updated package, which\n contains a backported patch to resolve this issue. After installing the\n update, BIND daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-26T08:55:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:005.", "modified": "2017-07-11T00:00:00", "published": "2009-01-26T00:00:00", "id": "OPENVAS:63274", "href": "http://plugins.openvas.org/nasl.php?oid=63274", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:005 (bind)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_005.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:005 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The DNS daemon bind is used to resolve and lookup addresses on the\ninternet. Some month ago a vulnerability in the DNS protocol and\nits numbers was published that allowed easy spoofing of DNS entries.\nThe only way to protect against spoofing is to use DNSSEC.\nUnfortunately the bind code that verifys the certification chain of a DNS-\nSEC zone transfer does not properly check the return value of function\nDSA_do_verify(). This allows the spoofing of records signed with DSA or\nNSEC3DSA.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:005\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:005.\";\n\n \n\nif(description)\n{\n script_id(63274);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-26 18:18:20 +0100 (Mon, 26 Jan 2009)\");\n script_cve_id(\"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:005 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.5.0P2~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.4.2~39.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.4.1.P1~12.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "Check for the Version of bind", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880816", "href": "http://plugins.openvas.org/nasl.php?oid=880816", "type": "openvas", "title": "CentOS Update for bind CESA-2009:0020 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2009:0020 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n (Domain Name System) protocols.\n\n A flaw was discovered in the way BIND checked the return value of the\n OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\n could present a malformed DSA certificate and bypass proper certificate\n validation, allowing spoofing attacks. (CVE-2009-0025)\n \n For users of Red Hat Enterprise Linux 3 this update also addresses a bug\n which can cause BIND to occasionally exit with an assertion failure.\n \n All BIND users are advised to upgrade to the updated package, which\n contains a backported patch to resolve this issue. After installing the\n update, BIND daemon will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"bind on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-February/015586.html\");\n script_id(880816);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0020\");\n script_cve_id(\"CVE-2009-0025\");\n script_name(\"CentOS Update for bind CESA-2009:0020 centos3 i386\");\n\n script_summary(\"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 1703-1.", "modified": "2018-04-06T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:136141256231063150", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063150", "type": "openvas", "title": "Debian Security Advisory DSA 1703-1 (bind9)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1703_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1703-1 (bind9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that BIND, an implementation of the DNS protocol\nsuite, does not properly check the result of an OpenSSL function which\nis used to verify DSA cryptographic signatures. As a result,\nincorrect DNS resource records in zones protected by DNSSEC could be\naccepted as genuine.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch4.\n\nFor the unstable distribution (sid) and the testing distribution\n(lenny), this problem will be fixed soon.\n\nWe recommend that you upgrade your BIND packages.\";\ntag_summary = \"The remote host is missing an update to bind9\nannounced via advisory DSA 1703-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201703-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63150\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1703-1 (bind9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns22\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.4-2etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "Check for the Version of bind", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880845", "href": "http://plugins.openvas.org/nasl.php?oid=880845", "type": "openvas", "title": "CentOS Update for bind CESA-2009:0020 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind CESA-2009:0020 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n (Domain Name System) protocols.\n\n A flaw was discovered in the way BIND checked the return value of the\n OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\n could present a malformed DSA certificate and bypass proper certificate\n validation, allowing spoofing attacks. (CVE-2009-0025)\n \n For users of Red Hat Enterprise Linux 3 this update also addresses a bug\n which can cause BIND to occasionally exit with an assertion failure.\n \n All BIND users are advised to upgrade to the updated package, which\n contains a backported patch to resolve this issue. After installing the\n update, BIND daemon will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"bind on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-January/015538.html\");\n script_id(880845);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0020\");\n script_cve_id(\"CVE-2009-0025\");\n script_name(\"CentOS Update for bind CESA-2009:0020 centos5 i386\");\n\n script_summary(\"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-02T13:17:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing an update to bind9\nannounced via advisory USN-706-1.\n\nIt was discovered that Bind did not properly perform certificate verification.\nWhen DNSSEC with DSA certificates are in use, a remote attacker could exploit\nthis to bypass certificate validation to spoof DNS entries and poison DNS\ncaches. Among other things, this could lead to misdirected email and web\ntraffic.", "modified": "2018-02-01T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:63164", "href": "http://plugins.openvas.org/nasl.php?oid=63164", "type": "openvas", "title": "Ubuntu USN-706-1 (bind9)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_706_1.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# $Id: ubuntu_706_1.nasl 8616 2018-02-01 08:24:13Z cfischer $\n# Description: Auto-generated from advisory USN-706-1 (bind9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n libdns21 1:9.3.2-2ubuntu1.6\n\nUbuntu 7.10:\n libdns32 1:9.4.1-P1-3ubuntu2.1\n\nUbuntu 8.04 LTS:\n libdns35 1:9.4.2.dfsg.P2-2ubuntu0.1\n\nUbuntu 8.10:\n libdns43 1:9.5.0.dfsg.P2-1ubuntu3.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-706-1\";\n\ntag_summary = \"The remote host is missing an update to bind9\nannounced via advisory USN-706-1.\n\nIt was discovered that Bind did not properly perform certificate verification.\nWhen DNSSEC with DSA certificates are in use, a remote attacker could exploit\nthis to bypass certificate validation to spoof DNS entries and poison DNS\ncaches. Among other things, this could lead to misdirected email and web\ntraffic.\";\n\n \n\n\nif(description)\n{\n script_id(63164);\n script_version(\"$Revision: 8616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-01 09:24:13 +0100 (Thu, 01 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu USN-706-1 (bind9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-706-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns21\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.3.2-2ubuntu1.6\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-30\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns32\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc32\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc30\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg30\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres30\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.4.1-P1-3ubuntu2.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-30\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns35\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc35\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc30\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg30\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres30\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.4.2.dfsg.P2-2ubuntu0.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9utils\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-40\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns43\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc44\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc40\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg40\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres40\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.5.0.dfsg.P2-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(port:0, data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing updates to bind announced in\nadvisory CESA-2009:0020.", "modified": "2017-07-10T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:63178", "href": "http://plugins.openvas.org/nasl.php?oid=63178", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0020 (bind)", "sourceData": "#CESA-2009:0020 63178 10\n# $Id: ovcesa2009_0020.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0020 (bind)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0020\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0020\nhttps://rhn.redhat.com/errata/RHSA-2009-0020.html\";\ntag_summary = \"The remote host is missing updates to bind announced in\nadvisory CESA-2009:0020.\";\n\n\n\nif(description)\n{\n script_id(63178);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0020 (bind)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.4~6.0.3.P1.el5_2\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~30.el4_7.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~30.el4_7.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~30.el4_7.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~30.el4_7.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~30.el4_7.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~23.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~30.c4.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~30.c4.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~30.c4.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~30.c4.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~30.c4.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0025"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0020.\n\nA flaw was discovered in the way BIND checked the return value of the\nOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\ncould present a malformed DSA certificate and bypass proper certificate\nvalidation, allowing spoofing attacks. (CVE-2009-0025)\n\nFor users of Red Hat Enterprise Linux 3 this update also addresses a bug\nwhich can cause BIND to occasionally exit with an assertion failure.\n\nAll BIND users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, BIND daemon will be restarted automatically.", "modified": "2018-04-06T00:00:00", "published": "2009-01-13T00:00:00", "id": "OPENVAS:136141256231063133", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063133", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0020", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0020.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0020 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0020.\n\nA flaw was discovered in the way BIND checked the return value of the\nOpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone\ncould present a malformed DSA certificate and bypass proper certificate\nvalidation, allowing spoofing attacks. (CVE-2009-0025)\n\nFor users of Red Hat Enterprise Linux 3 this update also addresses a bug\nwhich can cause BIND to occasionally exit with an assertion failure.\n\nAll BIND users are advised to upgrade to the updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, BIND daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63133\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2009-0025\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0020\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0020.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.1~11.el2\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.1~11.el2\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.1~11.el2\", rls:\"RHENT_2.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~23.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~23.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.2.4~23.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~23.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~23.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~23.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.4~30.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.2.4~30.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.2.4~30.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.4~30.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.2.4~30.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.4~30.el4_7.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.4~6.0.3.P1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01837667\r\nVersion: 1\r\n\r\nHPSBTU02453 SSRT091037 rev.1 - HP Tru64 UNIX BIND Server, Denial of Service &#40;DoS&#41;\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2009-08-06\r\nLast Updated: 2009-08-06\r\n\r\nPotential Security Impact: Denial of Service, &#40;DoS&#41;\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with Tru64 UNIX running the BIND server. The\r\nvulnerability could be remotely exploited to create a Denial of Service &#40;DoS&#41;.\r\n\r\nReferences: CVE-2009-0696\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nTru64 UNIX 5.1B BL27\r\nTru64 UNIX 5.1B BL28\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-0696 &#40;AV:N/AC:M/Au:N/C:N/I:N/A:P&#41; 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following patches for the BIND server available to resolve the vulnerability. The patches are\r\navailable from the HP ITRC. Patch kit\r\n ITRC Download Location\r\n MD5 and SHA1 Checksum\r\n\r\nT64KIT1001630-V51BB27-ES-20090803\r\n https://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001630-V51BB27-ES-20090803\r\n MD5 results: 639bf32e22db9ca317b0e91818a100fb\r\nSHA1 results: 53d4010e7e982b57f2e4f4fb5aa33ac1f5114ff3\r\n\r\nT64KIT1001631-V51BB28-ES-20090803\r\n https://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001631-V51BB28-ES-20090803\r\n MD5 results: 0e9c865cd7711186a632fc708f39f00f\r\nSHA1 results: b964395cc1012a47b056aa3fa55a9602c3c16d3a\r\n\r\nNote:\r\nThe patch kit installation instructions and the Patch Summary and Release Notes documents provide patch kit\r\ninstallation and removal instructions and a summary of each patch. Please read these documents prior to\r\ninstalling patches.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nNone\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; 06 August 2009 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP\r\nsoftware products should be applied in accordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to:\r\nsecurity-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP,\r\nespecially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&amp;langcode=USENG&amp;jumpid=in_SC-GEN__driverITRC&amp;topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber&#39;s choice for Business: sign-in.\r\nOn the web page: Subscriber&#39;s Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing &amp; Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is\r\ncontinually reviewing and enhancing the security features of software products to provide customers with\r\ncurrent secure solutions.\r\n\r\n&quot;HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the\r\naffected HP products the important security information contained in this Bulletin. HP recommends that all\r\nusers determine the applicability of this information to their individual situations and take appropriate\r\naction. HP does not warrant that this information is necessarily accurate or complete for all user situations\r\nand, consequently, HP will not be responsible for any damages resulting from user&#39;s use or disregard of the\r\ninformation provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either\r\nexpress or implied, including the warranties of merchantability and fitness for a particular purpose, title\r\nand non-infringement.&quot;\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein.\r\nThe information provided is provided &quot;as is&quot; without warranty of any kind. To the extent permitted by law,\r\nneither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or\r\nconsequential damages including downtime cost; lost profits;damages relating to the procurement of substitute\r\nproducts or services; or damages for loss of data, or software restoration. The information in this document\r\nis subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products\r\nreferenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other\r\nproduct and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;HP-UX&#41;\r\n\r\niEYEARECAAYFAkp8JRIACgkQ4B86/C0qfVki5ACffhNycQQzASLucAYTe5w7+iPx\r\nAGoAn2amq12AJs+7IyEmqqFTx7ybtp8U\r\n=N6KA\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-07-18T00:00:00", "published": "2010-07-18T00:00:00", "id": "SECURITYVULNS:DOC:24279", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24279", "title": "[security bulletin] HPSBTU02453 SSRT091037 rev.1 - HP Tru64 UNIX BIND Server, Denial of Service &#40;DoS&#41;", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "Crash on dynamic update message with ANY type &#40;disablind dynamic updates doesn&#39;t eliminate problem&#41;.", "edition": 1, "modified": "2009-07-30T00:00:00", "published": "2009-07-30T00:00:00", "id": "SECURITYVULNS:VULN:10109", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10109", "title": "ISC bind named DNS server DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "BIND Dynamic Update DoS\r\nCVE:\r\n\t \tCVE-2009-0696 \t \r\nCERT:\r\n\t \tVU#725188 \t \r\nPosting date:\r\n\t \t2009-07-28 \t \r\nProgram Impacted: \r\n\t \tBIND \t \r\nVersions affected: \r\n\t \tBIND 9 &#40;all versions&#41;\r\nSeverity:\r\n\t \tHigh \t \r\nExploitable:\r\n\t \tremotely \t \r\nSummary:\r\n\t \tBIND denial of service &#40;server crash&#41; caused by receipt of a specific remote dynamic update message.\r\nDescription:\r\n\r\nUrgent: this exploit is public. Please upgrade immediately.\r\n\r\nReceipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.\r\n\r\nThis vulnerability affects all servers that are masters for one or more zones \u2013 it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.\r\n\r\ndns_db_findrdataset&#40;&#41; fails when the prerequisite section of the dynamic update message contains a record of type \u201cANY\u201d and where at least one RRset for this FQDN exists on the server.\r\n\r\ndb.c:659: REQUIRE&#40;type != &#40;&#40;dns_rdatatype_t&#41;dns_rdatatype_any&#41;&#41; failed\r\nexiting &#40;due to assertion failure&#41;.\r\nWorkarounds:\r\nNone.\r\n\r\n&#40;Some sites may have firewalls that can be configured with packet filtering techniques to prevent nsupdate messages from reaching their nameservers.&#41;\r\nActive exploits:\r\nAn active remote exploit is in wide circulation at this time.\r\nSolution:\r\n\r\nUpgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions can be downloaded from:\r\n\r\n http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\n\r\n http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\n\r\n http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\n\r\nAcknowledgment:\r\n\r\nMatthias Urlichs for reporting the problem.\r\nTom Daly for methodical follow-on testing.\r\nRevision History:\r\n\r\n2009-07-28 Initial text\r\n2009-07-29 Update to reflect Tom Daly&#39;s findings\r\n", "edition": 1, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "SECURITYVULNS:DOC:22238", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22238", "title": "BIND Dynamic Update DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n\nISC has published an announcement here:\n\n https://www.isc.org/node/479\n\nAnd CERT has published an advisory here:\n\n http://www.kb.cert.org/vuls/id/725188\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/bind-9.4.3_P3-i486-1_slack12.2.tgz: Upgraded.\n This BIND update fixes a security problem where a specially crafted\n dynamic update message packet will cause named to exit resulting in\n a denial of service.\n An active remote exploit is in wide circulation at this time.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n https://www.isc.org/node/479\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4.3_P3-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.4.3_P3-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.4.3_P3-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.4.3_P3-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.4.3_P3-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.4.3_P3-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.4.3_P3-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4.3_P3-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4.3_P3-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4.3_P3-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.4.3_P3-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.4.3_P3-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\na80dcb15eb2b64cbbb74094a14cf43ce bind-9.4.3_P3-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n5f076dd18643481aa7ac05d0e5f842c9 bind-9.4.3_P3-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nd6c317bc01909ffd59b27510a3d3e00a bind-9.4.3_P3-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n31d34b00234299cb43adc06a8e5f0ea5 bind-9.4.3_P3-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n5c52f3896416ff260eedbf625db2f0a0 bind-9.4.3_P3-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\ncc4a9d222077cc66ef42f46b94ef999b bind-9.4.3_P3-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\na7eae43c7dbacb05ca5b5968926713da bind-9.4.3_P3-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\nc52604266a652e08173ace69c8676775 bind-9.4.3_P3-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\ndc2c7ee229176f17159a36b426eb76b7 bind-9.4.3_P3-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n0a438a7403bd82d331f1484a73f6b92b bind-9.4.3_P3-i486-1_slack12.2.tgz\n\nSlackware -current package:\na3c9df7a63ca906aab873ab1c75b797d bind-9.4.3_P3-i486-1.txz\n\nSlackware64 -current package:\n17910d0674e4fbf9d364a599a86a8ab6 bind-9.4.3_P3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.4.3_P3-i486-1_slack12.2.tgz\n\nThen, restart bind:\n\n/etc/rc.d/rc.bind restart", "modified": "2009-07-29T22:52:55", "published": "2009-07-29T22:52:55", "id": "SSA-2009-210-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561499", "type": "slackware", "title": "bind", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}