
RHSA-2008:0533: Important: bind security update

First published: Tue Jul 08 2008

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols.

The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks.

Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447)

Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports.

Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality.

Red Hat would like to thank Dan Kaminsky for reporting this issue.
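To confirm that an updated resolver really varies its UDP source ports, the ports of its outbound queries can be scored as below. This is an added example, not code from Red Hat or ISC; it assumes the ports were already extracted from a packet capture, and the sample values, function names and the `min_port_bits` threshold are constructed for illustration.

```python
import math
from collections import Counter

TXID_BITS = 16  # the DNS transaction ID is a 16-bit header field


def port_entropy_bits(ports):
    """Shannon entropy (bits) of the observed source-port distribution.

    A sample of n queries can show at most log2(n) bits, so treat the
    result as a lower bound on what the resolver provides.
    """
    total = len(ports)
    return sum((c / total) * math.log2(total / c)
               for c in Counter(ports).values())


def is_sequential(ports):
    """True when ports advance by one constant non-zero step (predictable)."""
    steps = {b - a for a, b in zip(ports, ports[1:])}
    return len(steps) == 1 and 0 not in steps


def assess_resolver(ports, min_port_bits=3.0):
    """Rate the source ports of a resolver's outbound queries.

    min_port_bits is an illustrative threshold chosen for this example.
    """
    if not ports:
        raise ValueError("no observed queries")
    bits = port_entropy_bits(ports)
    return {
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": round(bits, 2),
        # Assumes the transaction ID itself is uniformly random.
        "total_bits": round(TXID_BITS + bits, 2),
        "randomized": bits >= min_port_bits and not is_sequential(ports),
    }


# Constructed samples: source ports of 16 consecutive outbound queries.
FIXED = [32768] * 16                    # one static port, no randomization
INCREMENTING = list(range(1025, 1041))  # many ports, but predictable
RANDOMIZED = [49213, 10877, 60002, 23451, 38190, 5120, 61733, 17044,
              44981, 29876, 52310, 8093, 35667, 57422, 12958, 40215]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("incrementing", INCREMENTING),
                         ("randomized", RANDOMIZED)]:
        print(name, assess_resolver(sample))
```

A resolver behind a NAT device that rewrites source ports can fail this check even after the update, so capture the queries on the far side of the NAT.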

Affected Software                       Affected Version        How to fix
redhat/bind                             <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/bind                             <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/bind-chroot                      <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/bind-chroot                      <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/bind-devel                       <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/bind-devel                       <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/bind-libbind-devel               <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/bind-libbind-devel               <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/bind-libs                        <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/bind-libs                        <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/bind-sdb                         <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/bind-sdb                         <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/bind-utils                       <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/bind-utils                       <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/caching-nameserver               <9.3.4-6.0.1.P1.el5_2   9.3.4-6.0.1.P1.el5_2
redhat/caching-nameserver               <9.3.4-6.0.2.P1.el5_2   9.3.4-6.0.2.P1.el5_2
redhat/selinux-policy                   <2.4.6-137.1.el5_2      2.4.6-137.1.el5_2
redhat/selinux-policy-devel             <2.4.6-137.1.el5_2      2.4.6-137.1.el5_2
redhat/selinux-policy-mls               <2.4.6-137.1.el5_2      2.4.6-137.1.el5_2
redhat/selinux-policy-strict            <2.4.6-137.1.el5_2      2.4.6-137.1.el5_2
redhat/selinux-policy-targeted          <2.4.6-137.1.el5_2      2.4.6-137.1.el5_2
redhat/bind                             <9.2.4-28.0.1.el4       9.2.4-28.0.1.el4
redhat/bind-chroot                      <9.2.4-28.0.1.el4       9.2.4-28.0.1.el4
redhat/bind-devel                       <9.2.4-28.0.1.el4       9.2.4-28.0.1.el4
redhat/bind-libs                        <9.2.4-28.0.1.el4       9.2.4-28.0.1.el4
redhat/bind-utils                       <9.2.4-28.0.1.el4       9.2.4-28.0.1.el4
redhat/selinux-policy-targeted          <1.17.30-2.150.el4      1.17.30-2.150.el4
redhat/selinux-policy-targeted-sources  <1.17.30-2.150.el4      1.17.30-2.150.el4
