Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Производитель ПО
Наименование ПО
Internet Service
(B.11.23, BindUpgrade.C.9.3.2.0, BindUpgrade.C.9.3.2.1.0, BINDv920.B.11.11.00, BINDv920.B.11.11.01.009)
BIND Server
(9.3.0, 9.3.4)
bind
(Unknown)
Описание
Уязвимость в ISC BIND (BIND-форум) позволяет злоумышленникам, действующим удаленно, вызвать отказ в обслуживании (аварийное завершение работы named-демона), что приводит к «разыменованию ранее освобожденной выборки контекста».
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.securityfocus.com/bid/22229/solution
http://www.securityfocus.com/bid/22229/solution
Ссылки
FULLDISC (20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]): http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052018.html
MLIST ([bind-announce] 20070125 Internet Systems Consortium Security Advisory.): http://marc.theaimsgroup.com/?l=bind-announce&m=116968519321296&w=2
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
FRSIRT (ADV-2007-0349): http://www.frsirt.com/english/advisories/2007/0349
BUGTRAQ (20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]): http://www.securityfocus.com/archive/1/archive/1/458066/100/0/threaded
http://www.isc.org/index.pl?/sw/bind/bind-security.php
https://issues.rpath.com/browse/RPL-989
FEDORA (FEDORA-2007-147): http://fedoranews.org/cms/node/2507
FEDORA (FEDORA-2007-164): http://fedoranews.org/cms/node/2537
FREEBSD (FreeBSD-SA-07:02): http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
GENTOO (GLSA-200702-06): http://security.gentoo.org/glsa/glsa-200702-06.xml
MANDRIVA (MDKSA-2007:030): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:030
OPENPKG (OpenPKG-SA-2007.007): http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
REDHAT (RHSA-2007:0057): http://www.redhat.com/support/errata/RHSA-2007-0057.html
SLACKWARE (SSA:2007-026-01): http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
SUSE (SUSE-SA:2007:014): http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
TRUSTIX (2007-0005): http://www.trustix.org/errata/2007/0005
UBUNTU (USN-418-1): http://www.ubuntu.com/usn/usn-418-1
BID (22229): http://www.securityfocus.com/bid/22229
HP (HPSBTU02207): https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
FRSIRT (ADV-2007-1401): http://www.frsirt.com/english/advisories/2007/1401
MLIST ([bind-announce] 20070125 Internet Systems Consortium Security Advisory.): http://marc.theaimsgroup.com/?l=bind-announce&m=116968519321296&w=2
http://www.isc.org/index.pl?/sw/bind/view/?release=9.2.8
http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.4
FRSIRT (ADV-2007-0349): http://www.frsirt.com/english/advisories/2007/0349
BUGTRAQ (20070125 BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]): http://www.securityfocus.com/archive/1/archive/1/458066/100/0/threaded
http://www.isc.org/index.pl?/sw/bind/bind-security.php
https://issues.rpath.com/browse/RPL-989
FEDORA (FEDORA-2007-147): http://fedoranews.org/cms/node/2507
FEDORA (FEDORA-2007-164): http://fedoranews.org/cms/node/2537
FREEBSD (FreeBSD-SA-07:02): http://security.freebsd.org/advisories/FreeBSD-SA-07:02.bind.asc
GENTOO (GLSA-200702-06): http://security.gentoo.org/glsa/glsa-200702-06.xml
MANDRIVA (MDKSA-2007:030): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:030
OPENPKG (OpenPKG-SA-2007.007): http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.007.html
REDHAT (RHSA-2007:0057): http://www.redhat.com/support/errata/RHSA-2007-0057.html
SLACKWARE (SSA:2007-026-01): http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.494157
SUSE (SUSE-SA:2007:014): http://lists.suse.com/archive/suse-security-announce/2007-Jan/0016.html
TRUSTIX (2007-0005): http://www.trustix.org/errata/2007/0005
UBUNTU (USN-418-1): http://www.ubuntu.com/usn/usn-418-1
BID (22229): http://www.securityfocus.com/bid/22229
HP (HPSBTU02207): https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
FRSIRT (ADV-2007-1401): http://www.frsirt.com/english/advisories/2007/1401
