|
Mandriva- Advisories MDKSA-2007:149: Updated BIND9 packages fix vulnerabilities
Advisories MDKSA-2007:149: Updated BIND9 packages fix vulnerabilities
The DNS query id generation code in BIND9 is vulnerable to
cryptographic analysis which provides a 1-in-8 change of guessing the
next query ID for 50% of the query IDs, which could be used by a remote
attacker to perform cache poisoning by an attacker (CVE-2007-2926).
As well, in BIND9 9.4.x, the default ACLs were note being correctly
set, which could allow anyone to make recursive queries and/or query
the cache contents (CVE-2007-2925).
This update provides packages which are patched to prevent these
issues.
http://mandrivausers.org/index.php?showtopic=43005
Array
Wed, 25 Jul 2007 22:11:04 +0000
|
08-01-2007, 11:09 AM
Posted
It appears you have not yet registered with our community
which limits what you can do & see. It's Free To register, please click here.
Linear Mode
