6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
87.0%
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)
For users of Red Hat Enterprise Linux 3 this update also addresses a bug
which can cause BIND to occasionally exit with an assertion failure.
All BIND users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. After installing the
update, BIND daemon will be restarted automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 2 | ia64 | bind-utils | < 9.2.1-11.el2 | bind-utils-9.2.1-11.el2.ia64.rpm |
RedHat | 5 | s390x | bind-chroot | < 9.3.4-6.0.3.P1.el5_2 | bind-chroot-9.3.4-6.0.3.P1.el5_2.s390x.rpm |
RedHat | 5 | s390x | bind-utils | < 9.3.4-6.0.3.P1.el5_2 | bind-utils-9.3.4-6.0.3.P1.el5_2.s390x.rpm |
RedHat | 5 | i386 | bind-utils | < 9.3.4-6.0.3.P1.el5_2 | bind-utils-9.3.4-6.0.3.P1.el5_2.i386.rpm |
RedHat | 5 | ppc64 | bind-libs | < 9.3.4-6.0.3.P1.el5_2 | bind-libs-9.3.4-6.0.3.P1.el5_2.ppc64.rpm |
RedHat | 5 | ppc | bind-chroot | < 9.3.4-6.0.3.P1.el5_2 | bind-chroot-9.3.4-6.0.3.P1.el5_2.ppc.rpm |
RedHat | 4 | i386 | bind-utils | < 9.2.4-30.el4_7.1 | bind-utils-9.2.4-30.el4_7.1.i386.rpm |
RedHat | 5 | ppc64 | bind-devel | < 9.3.4-6.0.3.P1.el5_2 | bind-devel-9.3.4-6.0.3.P1.el5_2.ppc64.rpm |
RedHat | 3 | x86_64 | bind-utils | < 9.2.4-23.el3 | bind-utils-9.2.4-23.el3.x86_64.rpm |
RedHat | 4 | ppc | bind-libs | < 9.2.4-30.el4_7.1 | bind-libs-9.2.4-30.el4_7.1.ppc.rpm |