AnNyung Official Homepage Home > Update [ 1.3 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



bind 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1248848703
업데이트 : 2009.07.29


상세내용

- 9.4.3-3 (9.4.3-P3) update
- fixed CVE-2009-0696

. CVE-2009-0696:
  Receipt of a specially-crafted dynamic update message to a zone for which the 
  server is the master may cause BIND 9 servers to exit. Testing indicates that 
  the attack packet has to be formulated against a zone for which that machine 
  is a master. Launching the attack against slave zones does not trigger the assert.

  This vulnerability affects all servers that are masters for one or more zones
   - it is not limited to those that are configured to allow dynamic updates.
  ccess controls will not provide an effective workaround.

  dns_db_findrdataset() fails when the prerequisite section of the dynamic update 
  message contains a record of type “ANY” and where at least one RRset for this
  DN exists on the server.

  db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
  exiting (due to assertion failure).

  현재 exploit 이 활동중이라고 합니다. 즉시 업데이트 하십시오!


Autoupdates 지원 : 일부 지원
  pkgsysupdate && pkgadd -F "bind*"


update 패키지

  RPMS :

    . bind-9.4.3-1.i686.rpm
    . bind-utils-9.4.3-1.i686.rpm
    . bind-devel-9.4.3-1.i686.rpm

  SRPMS :

    . bind-9.4.3-1.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
http://www.kb.cert.org/vuls/id/725188
https://www.isc.org/node/474



    



 Home > Update [ 1.3 ]

Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10