Vulnerabilities > CVE-2009-0025 - Improper Authentication vulnerability in ISC Bind
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Isc
| 97 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Authentication Abuse An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Utilizing REST's Trust in the System Resource to Register Man in the Middle This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
- Man in the Middle Attack This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Nessus
NASL family AIX Local Security Checks NASL id AIX_IV10049.NASL description An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal. last seen 2020-06-01 modified 2020-06-02 plugin id 63701 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63701 title AIX 7.1 TL 1 : bind9 (IV10049) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory bind9_advisory3.asc. # include("compat.inc"); if (description) { script_id(63701); script_version("1.4"); script_cvs_date("Date: 2019/09/16 14:13:03"); script_cve_id("CVE-2009-0025", "CVE-2010-0097", "CVE-2010-0382", "CVE-2011-4313"); script_name(english:"AIX 7.1 TL 1 : bind9 (IV10049)"); script_summary(english:"Check for APAR IV10049"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a security patch." ); script_set_attribute( attribute:"description", value: "An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal." ); # http://www.isc.org/software/bind/advisories/cve-2011-4313 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f77e2a75" ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory3.asc" ); script_set_attribute( attribute:"solution", value:"Install the appropriate interim fix." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_cwe_id(287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28"); script_set_attribute(attribute:"patch_publication_date", value:"2011/12/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.1", ml:"01", sp:"01", patch:"IV10049m01", package:"bos.net.tcp.client", minfilesetver:"7.1.1.0", maxfilesetver:"7.1.1.1") < 0) flag++; if (aix_check_ifix(release:"7.1", ml:"01", sp:"01", patch:"IV10049m01", package:"bos.net.tcp.server", minfilesetver:"7.1.1.0", maxfilesetver:"7.1.1.0") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-037.NASL description Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002, this update does however address the RSA_verify function (CVE-2009-0265). last seen 2020-06-01 modified 2020-06-02 plugin id 36346 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36346 title Mandriva Linux Security Advisory : bind (MDVSA-2009:037) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0004.NASL description a. Updated OpenSSL package for the Service Console fixes a security issue. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved last seen 2020-06-01 modified 2020-06-02 plugin id 40389 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40389 title VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim NASL family Fedora Local Security Checks NASL id FEDORA_2009-0350.NASL description Update to 9.5.1-P1 maintenance release which includes fix for CVE-2009-0025. This update also fixes rare crash of host utility. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 35398 published 2009-01-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35398 title Fedora 9 : bind-9.5.1-1.P1.fc9 (2009-0350) NASL family SuSE Local Security Checks NASL id SUSE_11_1_BIND-090126.NASL description This update improves the verification of return values of openssl functions. Prior this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025) last seen 2020-06-01 modified 2020-06-02 plugin id 40193 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40193 title openSUSE Security Update : bind (bind-426) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2009-014-02.NASL description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 54870 published 2011-05-28 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54870 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-014-02) NASL family SuSE Local Security Checks NASL id SUSE_11_0_BIND-090112.NASL description This update improves the verification of return values of openssl functions. Prior this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025) last seen 2020-06-01 modified 2020-06-02 plugin id 39921 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39921 title openSUSE Security Update : bind (bind-426) NASL family AIX Local Security Checks NASL id AIX_IV09978.NASL description An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal. last seen 2020-06-01 modified 2020-06-02 plugin id 63700 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63700 title AIX 6.1 TL 7 : bind9 (IV09978) NASL family AIX Local Security Checks NASL id AIX_IV09491.NASL description An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal. last seen 2020-06-01 modified 2020-06-02 plugin id 63699 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63699 title AIX 5.3 TL 12 : bind9 (IV09491) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL11503.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78125 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78125 title F5 Networks BIG-IP : BIND 9 vulnerability (SOL11503) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-0020.NASL description From Red Hat Security Advisory 2009:0020 : Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 67792 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67792 title Oracle Linux 3 / 4 / 5 : bind (ELSA-2009-0020) NASL family SuSE Local Security Checks NASL id SUSE_BIND-5905.NASL description This update improves the verification of return values of openssl functions. Prior this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025) last seen 2020-06-01 modified 2020-06-02 plugin id 41479 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41479 title SuSE 10 Security Update : bind (ZYPP Patch Number 5905) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-0020.NASL description Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 35589 published 2009-02-05 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35589 title CentOS 3 / 4 / 5 : bind (CESA-2009:0020) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114265.NASL description SunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11 last seen 2020-06-01 modified 2020-06-02 plugin id 27094 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27094 title Solaris 9 (x86) : 114265-23 NASL family AIX Local Security Checks NASL id AIX_IV11743.NASL description An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal. last seen 2020-06-01 modified 2020-06-02 plugin id 63706 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63706 title AIX 6.1 TL 6 : bind9 (IV11743) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200903-14.NASL description The remote host is affected by the vulnerability described in GLSA-200903-14 (BIND: Incorrect signature verification) BIND does not properly check the return value from the OpenSSL functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265) certificates. Impact : A remote attacker could bypass validation of the certificate chain to spoof DNSSEC-authenticated records. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 35812 published 2009-03-10 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35812 title GLSA-200903-14 : BIND: Incorrect signature verification NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1703.NASL description It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine. last seen 2020-06-01 modified 2020-06-02 plugin id 35366 published 2009-01-14 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35366 title Debian DSA-1703-1 : bind9 - interpretation conflict NASL family Fedora Local Security Checks NASL id FEDORA_2009-0451.NASL description Update to 9.5.1-P1 maintenance release which fixes CVE-2009-0025. This update also address following issues : - sample config file was outdated. - specifying a fixed query source was broken Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36411 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36411 title Fedora 10 : bind-9.5.1-1.P1.fc10 (2009-0451) NASL family Solaris Local Security Checks NASL id SOLARIS9_112837.NASL description SunOS 5.9: in.dhcpd libresolv and BIND9 pa. Date this patch was last updated by Sun : Jul/21/11 last seen 2020-06-01 modified 2020-06-02 plugin id 26165 published 2007-09-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26165 title Solaris 9 (sparc) : 112837-24 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-706-1.NASL description It was discovered that Bind did not properly perform signature verification. When DNSSEC with DSA signatures are in use, a remote attacker could exploit this to bypass signature validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36220 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36220 title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : bind9 vulnerability (USN-706-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-002.NASL description A flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify() function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks (CVE-2009-0025). The updated packages have been patched to prevent this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 37473 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37473 title Mandriva Linux Security Advisory : bind (MDVSA-2009:002) NASL family DNS NASL id BIND_SIG_RETURN_CHECKS.NASL description According to its version number, the remote installation of BIND does not properly check the return value from the OpenSSL library functions last seen 2020-06-01 modified 2020-06-02 plugin id 38735 published 2009-05-12 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38735 title ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness NASL family AIX Local Security Checks NASL id AIX_IV11744.NASL description An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal. last seen 2020-06-01 modified 2020-06-02 plugin id 63707 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63707 title AIX 7.1 TL 0 : bind9 (IV11744) NASL family MacOS X Local Security Checks NASL id MACOSX_10_5_7.NASL description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 38744 published 2009-05-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38744 title Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0020.NASL description Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 35324 published 2009-01-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/35324 title RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2009:0020) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family AIX Local Security Checks NASL id AIX_IV11742.NASL description An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal. last seen 2020-06-01 modified 2020-06-02 plugin id 63705 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63705 title AIX 6.1 TL 5 : bind9 (IV11742) NASL family SuSE Local Security Checks NASL id SUSE_BIND-5915.NASL description This update improves the verification of return values of openssl functions. Prior this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025) last seen 2020-06-01 modified 2020-06-02 plugin id 35445 published 2009-01-22 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35445 title openSUSE 10 Security Update : bind (bind-5915) NASL family SuSE Local Security Checks NASL id SUSE9_12328.NASL description This update improves the verification of return values of openssl functions. Prior this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025) last seen 2020-06-01 modified 2020-06-02 plugin id 41266 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41266 title SuSE9 Security Update : bind (YOU Patch Number 12328) NASL family Scientific Linux Local Security Checks NASL id SL_20090108_BIND_ON_SL3_X.NASL description A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. After installing theupdate, BIND daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 60517 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60517 title Scientific Linux Security Update : bind on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family Misc. NASL id VMWARE_VMSA-2009-0004_REMOTE.NASL description The remote VMware ESX host is missing a security-related patch. It is, therefore, is affected by multiple vulnerabilities : - A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the last seen 2020-06-01 modified 2020-06-02 plugin id 89112 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89112 title VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL9754.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78228 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78228 title F5 Networks BIG-IP : BIND 9 vulnerability (SOL9754) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-002.NASL description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 38743 published 2009-05-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38743 title Mac OS X Multiple Vulnerabilities (Security Update 2009-002)
Oval
accepted 2013-04-29T04:09:35.806-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. family unix id oval:org.mitre.oval:def:10879 status accepted submitted 2010-07-09T03:56:16-04:00 title BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. version 27 accepted 2009-11-30T04:00:05.406-05:00 class vulnerability contributors name Michael Wood organization Hewlett-Packard name Michael Wood organization Hewlett-Packard
definition_extensions comment VMWare ESX Server 3.0.3 is installed oval oval:org.mitre.oval:def:6026 comment VMWare ESX Server 3.0.2 is installed oval oval:org.mitre.oval:def:5613 comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887
description BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. family unix id oval:org.mitre.oval:def:5569 status accepted submitted 2009-09-23T15:39:02.000-04:00 title Avaya Solaris BIND "EVP_VerifyFinal()" Signature Spoofing Vulnerability version 3
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
- http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://marc.info/?l=bugtraq&m=141879471518471&w=2
- http://marc.info/?l=bugtraq&m=141879471518471&w=2
- http://marc.info/?l=bugtraq&m=141879471518471&w=2
- http://marc.info/?l=bugtraq&m=141879471518471&w=2
- http://secunia.com/advisories/33494
- http://secunia.com/advisories/33494
- http://secunia.com/advisories/33546
- http://secunia.com/advisories/33546
- http://secunia.com/advisories/33551
- http://secunia.com/advisories/33551
- http://secunia.com/advisories/33559
- http://secunia.com/advisories/33559
- http://secunia.com/advisories/33683
- http://secunia.com/advisories/33683
- http://secunia.com/advisories/33882
- http://secunia.com/advisories/33882
- http://secunia.com/advisories/35074
- http://secunia.com/advisories/35074
- http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc
- http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1
- http://support.apple.com/kb/HT3549
- http://support.apple.com/kb/HT3549
- http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm
- http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm
- http://wiki.rpath.com/Advisories:rPSA-2009-0009
- http://wiki.rpath.com/Advisories:rPSA-2009-0009
- http://www.ocert.org/advisories/ocert-2008-016.html
- http://www.ocert.org/advisories/ocert-2008-016.html
- http://www.openbsd.org/errata44.html#008_bind
- http://www.openbsd.org/errata44.html#008_bind
- http://www.securityfocus.com/archive/1/499827/100/0/threaded
- http://www.securityfocus.com/archive/1/499827/100/0/threaded
- http://www.securityfocus.com/archive/1/500207/100/0/threaded
- http://www.securityfocus.com/archive/1/500207/100/0/threaded
- http://www.securityfocus.com/archive/1/502322/100/0/threaded
- http://www.securityfocus.com/archive/1/502322/100/0/threaded
- http://www.securityfocus.com/bid/33151
- http://www.securityfocus.com/bid/33151
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vmware.com/security/advisories/VMSA-2009-0004.html
- http://www.vmware.com/security/advisories/VMSA-2009-0004.html
- http://www.vupen.com/english/advisories/2009/0043
- http://www.vupen.com/english/advisories/2009/0043
- http://www.vupen.com/english/advisories/2009/0366
- http://www.vupen.com/english/advisories/2009/0366
- http://www.vupen.com/english/advisories/2009/0904
- http://www.vupen.com/english/advisories/2009/0904
- http://www.vupen.com/english/advisories/2009/1297
- http://www.vupen.com/english/advisories/2009/1297
- https://issues.rpath.com/browse/RPL-2938
- https://issues.rpath.com/browse/RPL-2938
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569
- https://www.isc.org/software/bind/advisories/cve-2009-0025
- https://www.isc.org/software/bind/advisories/cve-2009-0025
- https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html
- https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html