A security vulnerability has been discovered in the BIND software package for the HP-UX operating system. A remote attacker can exploit it to carry out a denial-of-service (DoS) attack.
Package: BIND 9.x
Operating systems: HP-UX 11.x
Severity: 6.3
Problem: flaw in a software component
Exploitation: remote
Impact: denial of service (DoS)
Solution: vendor patch
CVE: CVE-2012-1667
Original advisory ID: HPSBUX02795
Source: Hewlett Packard
Problem:
The vulnerability is caused by improper handling of records with an empty RDATA section.
Impact:
A remote malicious user can exploit this flaw to carry out a denial-of-service (DoS) attack.
Solution:
To protect their systems, all users are advised to upgrade the package to a newer version.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03388901
Version: 1
HPSBUX02795 SSRT100878 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-07-02
Last Updated: 2012-06-29
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2012-1667
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running BIND 9.3 prior to C.9.3.2.12.0-beta
HP-UX B.11.11 and B.11.23 running BIND 9.3 prior to C.9.3.2.10.0-beta
BACKGROUND
For a PGP signed version of this security bulletin please write to: [address not shown]
CVSS 2.0 Base Metrics
Reference        Base Vector                      Base Score
CVE-2012-1667    (AV:N/AC:L/Au:N/C:P/I:N/A:C)     8.5
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided patched versions of the BIND service to resolve this vulnerability. When final depots are released this bulletin will be revised.
These upgrades are available from the following location
ftp://s02795:[remainder not shown]
BIND 9.3.2 for HP-UX Release    Depot Name
B.11.11 (PA and IA)             BIND93-1111-unof.depot
B.11.23 (PA and IA)             BIND93-1123-unof.depot
B.11.31 (PA and IA)             BIND93-1131-unof.depot
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For BIND 9.3
HP-UX B.11.11
==================
BindUpgrade.BIND-UPGRADE
action: install revision C.9.3.2.10.0-beta or subsequent
HP-UX B.11.23
==================
BindUpgrade.BIND-UPGRADE
BindUpgrade.BIND2-UPGRADE
action: install revision C.9.3.2.10.0-beta or subsequent
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.3.2.12.0-beta or subsequent
END AFFECTED VERSIONS
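One way to apply the AFFECTED VERSIONS block above to a software inventory, as an added example that is not part of the HP bulletin or of HP-UX Software Assistant: it parses the block and reports whether an installed fileset revision is older than the fixed one. The function names, the inventory rows and the revision ordering rule (dotted numeric fields compared as integers, letter prefix and "-beta" suffix ignored) are assumptions.

```python
import re
# Text copied from the bulletin's AFFECTED VERSIONS block.
BULLETIN = """\
HP-UX B.11.11
==================
BindUpgrade.BIND-UPGRADE
action: install revision C.9.3.2.10.0-beta or subsequent
HP-UX B.11.23
==================
BindUpgrade.BIND-UPGRADE
BindUpgrade.BIND2-UPGRADE
action: install revision C.9.3.2.10.0-beta or subsequent
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.3.2.12.0-beta or subsequent
"""

def parse_affected(text):
    """Return {release: {fileset: minimum_fixed_revision}}."""
    result, release, pending = {}, None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("HP-UX "):
            release, pending = line.split()[1], []
            result[release] = {}
        elif line.startswith("action: install revision "):
            fixed = line.split()[3]
            result[release].update({fs: fixed for fs in pending})
            pending = []
        elif line and not line.startswith("="):
            pending.append(line)  # fileset name awaiting its action line
    return result

def rev_key(revision):
    """Assumed ordering: compare the dotted numeric fields as integers,
    so 9.3.2.7.0 sorts before 9.3.2.12.0 (a string compare would not)."""
    return tuple(int(n) for n in re.findall(r"\d+", revision))

def needs_update(release, fileset, installed):
    """True if the fileset is listed for the release and older than the fix."""
    fixed = parse_affected(BULLETIN).get(release, {}).get(fileset)
    return fixed is not None and rev_key(installed) < rev_key(fixed)

if __name__ == "__main__":
    # Constructed inventory rows: (release, fileset, installed revision).
    for row in [("B.11.31", "NameService.BIND-RUN", "C.9.3.2.7.0"),
                ("B.11.23", "BindUpgrade.BIND-UPGRADE", "C.9.3.2.10.0-beta")]:
        print(row, "update needed" if needs_update(*row) else "ok")
```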
HISTORY
Version:1 (rev.1) - 2 July 2012 Initial release