SUSE-SA:2009:005 -- SUSE bind information disclosureID: oval:org.secpod.oval:def:400062 | Date: (C)2012-01-31 (M)2021-09-12 |
Class: PATCH | Family: unix |
The DNS daemon bind is used to resolve and lookup addresses on the inter- net. Some month ago a vulnerability in the DNS protocol and its numbers was published that allowed easy spoofing of DNS entries. The only way to pro- tect against spoofing is to use DNSSEC. Unfortunately the bind code that verifys the certification chain of a DNS- SEC zone transfer does not properly check the return value of function DSA_do_verify. This allows the spoofing of records signed with DSA or NSEC3DSA.
Platform: |
openSUSE 10.3 |
openSUSE 11.1 |
openSUSE 11.0 |