Cache Poisoning Vulnerability

Posted on July 24, 2008 by krisna

Lha…. Ada apa dengan bind nih?

Connected to 128.46.156.46
Updating collection OpenBSD-ports/cvs
Updating collection OpenBSD-src/cvs
Edit src/usr.sbin/bind/bin/named/client.c
Edit src/usr.sbin/bind/bin/named/server.c
Edit src/usr.sbin/bind/doc/arm/Bv9ARM-book.xml
Edit src/usr.sbin/bind/doc/arm/Bv9ARM.ch06.html
Edit src/usr.sbin/bind/lib/dns/api
Edit src/usr.sbin/bind/lib/dns/dispatch.c
Edit src/usr.sbin/bind/lib/dns/include/dns/dispatch.h
Edit src/usr.sbin/bind/lib/dns/resolver.c
Edit src/usr.sbin/bind/lib/isc/random.c
Edit src/usr.sbin/bind/lib/isc/shuffle.c
Edit src/usr.sbin/bind/lib/isc/unix/app.c
Edit src/usr.sbin/bind/lib/isc/unix/socket.c
Edit src/usr.sbin/bind/lib/isc/unix/socket_p.h
Finished successfully

Check undeadly.org & errata-page baru ketahuan kalau ada bug di BIND. Yuk upgrade sebelum name server kita diracun ama orang.

004: SECURITY FIX: July 23, 2008 All architectures
2nd revision, July 23, 2008

A vulnerability has been found with BIND. An attacker could use this vulnerability to poison the cache of a recursive resolving name server. CVE-2008-1447. A source code patch exists which remedies this problem.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • LinkedIn
  • Ma.gnolia
  • Technorati
  • Live
  • YahooBuzz
This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>