Uočene su dvije sigurnosne ranjivosti u programskom paketu BIND koje mogu iskoristiti udaljeni napadači. Spomenuti paket implementira DNS (eng. Domain Name System) protokol. Prva ranjivost je posljedica nepravilnog rukovanja s negativnim odgovorima i odgovarajućih RRSIG zapisa u priručnoj memoriji, a druga je vezana uz NS RRset. Obje ranjivosti mogu rezultirati DoS (eng. Denial of Service) napadom. Za više detalja preporuča se pregled teksta originalne preporuke. Preporuča se korištenje dostupnih zakrpa.
Oracle Solaris BIND Two Vulnerabilities
Secunia Advisory SA43935
Release Date 2011-03-30
Criticality level Moderately criticalModerately critical
Impact Manipulation of data
DoS
Where From remote
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Vendor Patch
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Operating System
Sun Solaris 10
Sun Solaris 8
Sun Solaris 9
Secunia CVSS Score Available in Customer Area
CVE Reference(s) CVE-2010-3613 CVSS available in Customer Area
CVE-2010-3614 CVSS available in Customer Area
Description
Oracle has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
For more information:
SA42374
SA42435
Solution
Apply patches.
Further details available in Customer Area
Original Advisory
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_bind_dns
Other references
Further details available in Customer Area
Posljednje sigurnosne preporuke