
Vulnerability Bulletins


DNS cache poisoning affecting multiple vendors

Vulnerability classification

Property                Value
Confidence level        Official
Impact                  Integrity
Difficulty              Beginner
Attacker requirements   Remote access without an account to a standard service

System information

Property            Value
Affected vendor     Microsoft
Affected software   BIND 8
                    BIND 9.5.x < 9.5.0-P1
                    BIND 9.4.x < 9.4.2-P1
                    BIND 9.3.x < 9.3.5-P1
                    Microsoft Windows 2000 SP4
                    Microsoft Windows XP SP2 and SP3
                    Microsoft Server 2003 SP1 and SP2
                    Cisco IOS Software 12.0
                    Sun Solaris 8, 9 and 10
                    Sun OpenSolaris
                    GlibC
                    HP Storage Management Appliance v2.1
                    HP-UX B.11.11
                    HP-UX B.11.23
                    HP-UX B.11.31
                    IBM AIX 6.1 BIND
                    IBM AIX 5.3 BIND
                    IBM AIX 5.2 BIND
                    HP Tru64 UNIX v 5.1B-4 BIND v 9.2.8
                    HP Tru64 UNIX v 5.1B-3 BIND v 9.2.8
                    HP Integrity and HP Alpha running TCP/IP Services for OpenVMS v 5.5 ECO 3
                    HP Integrity and HP Alpha running TCP/IP Services for OpenVMS v 5.6 ECO 2
                    Dnsmasq 2.4.x < 2.4.5
                    MPE/iX running BIND/iX

Description

A vulnerability has been found in DNS servers from several vendors. It lies in a flaw in how the DNS protocol implementation randomly generates the port number and the Identifier field of DNS queries.

A remote attacker could obtain relevant information and redirect Internet traffic to any server of the attacker's choosing by poisoning the cache. Exploiting the vulnerability requires the DNS server to be configured to resolve recursive queries.

A public exploit is available.
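
Added example (not part of the original bulletin or of any vendor's code): a small audit that checks whether a resolver's own outbound queries vary the two fields named in the description, the UDP source port and the DNS Identifier. The sample captures are constructed, and the function names and the 80% and 5-query thresholds are assumptions chosen for illustration.

```python
"""Added example: audit how predictable a resolver's outgoing queries are."""
import math
from collections import Counter

# Constructed samples of (UDP source port, DNS Identifier) pairs, as they would
# be read from a capture of a resolver's own outbound queries.
LEGACY = [(32768, 0x1A2B), (32768, 0xF00D), (32768, 0x0042),
          (32768, 0x9C11), (32768, 0x7E3A), (32768, 0x2D90)]
SEQUENTIAL = [(1025, 0x0101), (1026, 0x0102), (1027, 0x0103),
              (1028, 0x0104), (1029, 0x0105), (1030, 0x0106)]
RANDOMIZED = [(49312, 0x3C4D), (10234, 0xA1B2), (61022, 0x0F10),
              (33871, 0xE5E5), (5521, 0x7788), (47109, 0xC0DE)]


def classify(values):
    """Label a series of 16-bit values as 'fixed', 'sequential' or 'varied'."""
    if len(set(values)) == 1:
        return "fixed"
    steps = Counter((b - a) % 65536 for a, b in zip(values, values[1:]))
    _, hits = steps.most_common(1)[0]
    # Assumption: 80% identical steps means a counter, not a random source.
    if hits >= 0.8 * (len(values) - 1):
        return "sequential"
    return "varied"


def value_space(values, kind):
    """Rough size of the space one field is drawn from."""
    if kind != "varied":
        return 1  # a fixed or counting field contributes no unpredictability
    return max(values) - min(values) + 1  # observed span, a lower bound


def audit(samples):
    """Return field labels, estimated bits of unpredictability and findings."""
    if len(samples) < 5:
        raise ValueError("need at least 5 queries to judge randomness")
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    port_kind, txid_kind = classify(ports), classify(txids)
    bits = (math.log2(value_space(ports, port_kind))
            + math.log2(value_space(txids, txid_kind)))
    findings = []
    if port_kind != "varied":
        findings.append(f"source port is {port_kind}")
    if txid_kind != "varied":
        findings.append(f"Identifier is {txid_kind}")
    return {"port": port_kind, "txid": txid_kind,
            "bits": round(bits, 1), "findings": findings}


if __name__ == "__main__":
    for name, data in [("legacy", LEGACY), ("sequential", SEQUENTIAL),
                       ("randomized", RANDOMIZED)]:
        print(name, audit(data))
```

A resolver whose port is fixed leaves only the 16-bit Identifier as protection, which is why the audit reports under 16 bits for the first sample and about twice that once both fields vary.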

Solution

Software update

Debian (DSA-1603-1)

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3.dsc
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3.diff.gz
Architecture independent
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch3_all.deb
alpha (DEC Alpha)
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_alpha.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_alpha.deb
amd64 (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_amd64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_amd64.deb
arm (ARM)
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_arm.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_arm.deb
hppa (HP PA RISC)
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_hppa.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_hppa.deb
i386 (Intel ia32)
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_i386.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_i386.deb
ia64 (Intel ia64)
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_ia64.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_ia64.deb
mips (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_mips.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_mips.deb
mipsel (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_mipsel.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_mipsel.deb
powerpc (PowerPC)
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_powerpc.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_powerpc.deb
s390 (IBM S/390)
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_s390.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_s390.deb
sparc (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_sparc.deb
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_sparc.deb

Debian (DSA-1604-1)
Upgrade to BIND 9
http://lists.debian.org/debian-security-announce/2008/msg00185.html

Red Hat (RHSA-2008:0533-3)
RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
https://rhn.redhat.com/

Cisco
See the table of updates at:
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml#software

Microsoft (MS08-037)
Windows 2000 SP4 / DNS server / patch Windows2000-kb951746-x86-enu
Windows 2000 SP4 / DNS client / patch Windows2000-kb951748-x86-enu
Windows XP SP2 and SP3 / patch Windowsxp-kb951748-x86-enu
Windows XP SP2 and SP3 / x64 / patch WindowsServer2003.WindowsXP-kb951748-x86-enu
Windows Server 2003 SP1 and SP2 / DNS server / x32 / patch Windowsserver2003-kb951746-x86-enu
Windows Server 2003 SP1 and SP2 / DNS client / x32 / patch Windowsserver2003-kb951748-x86-enu
Windows Server 2003 SP1 and SP2 / DNS server / x64 / patch Windowsserver2003.WindowsXP-kb951746-x64-enu
Windows Server 2003 SP1 and SP2 / DNS client / x64 / patch Windowsserver2003.WindowsXP-kb951748-x64-enu
Windows Server 2003 SP1 and SP2 / DNS server / ia64 / patch Windowsserver2003-kb951746-ia64-enu
Windows Server 2003 SP1 and SP2 / DNS client / ia64 / patch Windowsserver2003-kb951748-ia64-enu
http://www.microsoft.com/downloads

Sun (239392)
Solaris 10 / SPARC / patch 119783-06
Solaris 10 / x86 / patch 119784-06
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Debian (DSA-1605-1)

Debian Linux 4.0
For the moment, there is no official patch for this vulnerability in GlibC.

Suse Linux
Updates can be downloaded through YaST or from the official Suse Linux FTP server.

Hewlett-Packard (HPSBST02350)
Storage Management Appliance v2.1
Install the Microsoft patch that corresponds to your operating system.

Hewlett-Packard
HP-UX B.11.11 / BIND v9.2.0 / BIND920v11.tape.depot
HP-UX B.11.23 / BIND v9.2.0 / PHNE_37865.depot
ftp://ss080058:ss080058@hprc.external.hp.com
HP-UX B.11.11 / BIND v9.3.2 / revision C.9.3.2.3.0
HP-UX B.11.23 / BIND v9.3.2 / revision C.9.3.2.3.0
HP-UX B.11.31 / BIND v9.3.2 / revision C.9.3.2.3.0
HP-UX B.11.11 / BIND v8.1.2 / upgrade to BIND v9.2.0 or BIND v9.3.2 and apply patches
http://software.hp.com

Debian (DSA 1619-2)

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch2.diff.gz
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0.orig.tar.gz
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch2.dsc
Architecture independent
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch2_all.deb


Debian (DSA-1623-1)

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4.dsc
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35.orig.tar.gz
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4.diff.gz
amd64 (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_amd64.deb
arm (ARM)
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_arm.deb
hppa (HP PA RISC)
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_hppa.deb
i386 (Intel ia32)
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_i386.deb
ia64 (Intel ia64)
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_ia64.deb
mips (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_mips.deb
mipsel (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_mipsel.deb
powerpc (PowerPC)
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_powerpc.deb
s390 (IBM S/390)
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_s390.deb
sparc (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_sparc.deb

IBM
AIX 5.2.0 - APAR IZ42034 (Available on 20/5/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
AIX 5.3.0 - APAR IZ42035 (Available on 29/04/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
AIX 5.3.7 - APAR IZ40776 (Available on 29/04/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
AIX 5.3.8 - APAR IZ42037 (Available on 29/04/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
AIX 5.3.9 - APAR IZ42064 (Available on 29/04/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
AIX 6.1.0 - APAR IZ42066 (Available on 3/06/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
AIX 6.1.1 - APAR IZ42123 (Available on 3/06/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
AIX 6.1.2 - APAR IZ42126 (Available on 3/06/2009)
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672

Hewlett-Packard (HPSBTU02357)
HP Alpha BIND Server Patch for TCP/IP Services for OpenVMS v 5.4 ECO 7, v 5.5 ECO 3, v 5.6 ECO 2 / patch / ftp://ftp.hp.com/pub/openvms/network/TCPIP_BIND_SERVER.ZIPEXE_ALPHA
HP Integrity BIND Server Patch for TCP/IP Services for OpenVMS v 5.5 ECO 3, v 5.6 ECO 2 / patch / ftp://ftp.hp.com/pub/openvms/network/TCPIP_BIND_SERVER.ZIPEXE_I64

Hewlett-Packard (HPSBTU02358)
HP Tru64 UNIX v 5.1B-4 / patch / http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001520-V51BB27-ES-20080808
HP Tru64 UNIX v 5.1B-3 / patch / http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001522-V51BB26-ES-20080808

Red Hat (RHSA-2008:0789-3)
Red Hat Enterprise Linux (v. 5 servidor)
Red Hat Enterprise Linux Desktop (v. 5 cliente)
https://rhn.redhat.com/

Hewlett-Packard
HP NonStop Server software running BIND
G-Series / patch SPR T0685G06^AAC
H-Series and J-Series / patch SPR T0685^AAD

Standard identifiers

Property   Value
CVE        CVE-2008-1447
BID

Additional resources

US-CERT (VU#800113)
http://www.kb.cert.org/vuls/id/800113

Debian Security Advisory (DSA-1604-1)
http://lists.debian.org/debian-security-announce/2008/msg00185.html

Debian Security Advisory (DSA-1603-1)
http://lists.debian.org/debian-security-announce/2008/msg00184.html

Red Hat Security Advisory (RHSA-2008:0533-3)
https://rhn.redhat.com/errata/RHSA-2008-0533.html

Cisco Security Advisory (cisco-sa-20080708-dns)
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml

Sun Alert Notification (239392)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239392-1

Debian Security Advisory (DSA-1605-1)
http://www.debian.org/security/2008/dsa-1605

SUSE Security Advisory (SUSE-SA:2008:033)
http://www.novell.com/linux/security/advisories/2008_33_bind.html

Microsoft Security Bulletin (MS08-037)
http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

HP SECURITY BULLETIN (HPSBST02350)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01503743-1

HP SECURITY BULLETIN (HPSBUX02351)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01506861-1

HP SECURITY BULLETIN (HPSBUX02351)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01506861-2

Debian Security Advisory (DSA 1619-1)
http://lists.debian.org/debian-security-announce/2008/msg00204.html

Debian Security Advisory (DSA-1623-1)
http://lists.debian.org/debian-security-announce/2008/msg00208.html

IBM Security Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200808/SECURITY/20080801/datafile085211&label=AIX%20named%20DNS%20Cache%20Poisoning%20Vulnerability

HP SECURITY BULLETIN (HPSBUX02351)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01506861-3

HP SECURITY BULLETIN (HPSBOV02357)
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01523520-1&admit=109447627+1219048086280+28353475

HP SECURITY BULLETIN (HPSBTU02358)
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01527346-1

Red Hat Security Advisory (RHSA-2008:0789-3)
https://rhn.redhat.com/errata/RHSA-2008-0789.html

SUSE Security Advisory (SUSE-SR:2008:017)
http://www.novell.com/linux/security/advisories/2008_17_sr.html

Debian Security Advisory (DSA 1619-2)
http://lists.debian.org/debian-security-announce/2008/msg00233.html

IBM Security Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200901/SECURITY/20090126/datafile133751&label=UPDATE%20AIX%20named%20DNS%20Cache%20Poisoning%20Vulnerability

HP SECURITY BULLETIN (HPSBTU02404)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01660723-1

HP SECURITY BULLETIN (HPSBTU02405)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01662368-1

Version history

Version  Comment  Date
1.0  Advisory issued  2008-07-09
1.1  Advisory updated by Sun (239392), advisory issued by Debian (DSA-1605-1), advisory issued by Suse (SUSE-SA:2008:033)  2008-07-14
1.2  Advisory issued by HP (HPSBST02350)  2008-07-15
1.3  Advisory issued by HP (HPSBUX02351)  2008-07-17
1.4  Advisory updated by HP (HPSBUX02351)  2008-07-21
2.0  Public exploit available.  2008-07-24
2.1  Advisory issued by Debian (DSA 1619-1)  2008-07-28
2.2  Advisory issued by Debian (DSA 1623-1)  2008-08-01
2.3  Advisory issued by IBM  2008-08-04
2.4  Advisory updated by HP (HPSBUX02351)  2008-08-07
2.5  Advisory issued by HP (HPSBOV02357), advisory issued by HP (HPSBTU02358)  2008-08-18
2.6  Advisory issued by Red Hat (RHSA-2008:0789-3)  2008-08-19
2.7  Advisory issued by Suse (SUSE-SR:2008:017)  2008-09-01
2.8  Advisory updated by Debian (DSA-1619-2)  2008-09-22
2.9  Advisory updated by IBM  2009-01-28
2.10  Advisory issued by HP (HPSBUX02404), advisory issued by HP (HPSBUX02405)  2009-02-04

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT