Kod programskog paketa BIND uočen je i ispravljen nov sigurnosni nedostatak. Riječ je o implementaciji DNS (eng. Domain Name System) protokola. Uočen nedostatak javlja se zbog neispravne obrade kombinacije posebnih negativnih vrijednosti odgovora i odgovarajućih RRSIG (eng. Resource Record Signature) zapisa u priručnoj memoriji. Zlonamjerni, udaljeni korisnici mogu iskoristiti opisani nedostatak za pokretanje napada uskraćivanja usluge. Svim se korisnicima savjetuje primjena objavljene nadogradnje koja ispravlja nedostatak.

HP-UX update for BIND
Secunia Advisory 	SA44152 	
Get alerted and manage the vulnerability life cycle
Free Trial

Release Date 	2011-04-12
  	 
Popularity 	55 views
Comments 	0 comments

Criticality level 	Moderately criticalModerately critical
Impact 	DoS
Where 	From remote
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Patch
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Operating System	
	HP-UX 11.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2010-3613 CVSS available in Customer Area
	   	

Description

HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA42374

The vulnerability is reported in HP-UX B.11.31 running BIND versions prior to C.9.3.2.9.0 and HP-UX B.11.11 and B.11.23 running BIND versions prior to C.9.3.2.8.0.

Solution
Apply updated packages.
Further details available in Customer Area
Original Advisory
HPSBUX02655 SSRT100353:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02783438

Other references
Further details available in Customer Area