bind-9.8.2-0.62.4.0.1.rc1.AXS4
Errata ID: AXSA:2017-1731:05
Release date:
2017/07/06 Thursday - 14:25
Title:
bind-9.8.2-0.62.4.0.1.rc1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
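The following issues have been addressed.
[Security Fix]
- An attacker who can send and receive messages to an authoritative DNS server and who knows a valid TSIG key name can bypass TSIG authentication of AXFR requests by carefully crafting a request packet. (CVE-2017-3142)
- An attacker who can send and receive messages to an authoritative DNS server and who knows a valid TSIG key name for the targeted zone and service may be able to manipulate BIND. (CVE-2017-3143)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.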
CVE:
CVE-2017-3142
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Additional information:
N/A
Download:
SRPMS
- bind-9.8.2-0.62.4.0.1.rc1.AXS4.src.rpm
MD5: 73f8242774f5e49eb74cae203228c9cd
SHA-256: d89f06a9cdb540801728b5c57a19cd67cb8173a435d853b72d64af0b374f5e94
Size: 8.46 MB
Asianux Server 4 for x86
- bind-9.8.2-0.62.4.0.1.rc1.AXS4.i686.rpm
MD5: 21dd58905670d8cc430b0e8625e4bf91
SHA-256: 25ff1079eaced2da587387efc53742932baaa2eed2221680753f5083db297f36
Size: 4.00 MB
- bind-chroot-9.8.2-0.62.4.0.1.rc1.AXS4.i686.rpm
MD5: d5b22a2280b93a428cfa0b487e35c83a
SHA-256: 3fa9bcd12d11f141c929f16a2b59584d7cdd2cb158554c6e7b9433c3c6e139d9
Size: 77.08 kB
- bind-libs-9.8.2-0.62.4.0.1.rc1.AXS4.i686.rpm
MD5: c4edc8038248e9eef241ceee4d5477e3
SHA-256: 2adb388e939075280b7ccb71e16ff0c806e295b3fe77c14a7a95b23ffdfcc3c2
Size: 903.03 kB
- bind-utils-9.8.2-0.62.4.0.1.rc1.AXS4.i686.rpm
MD5: 509a434605f585b4780bf1b16fee40d6
SHA-256: 15c324834566efa7cdcb8f461355a34a39b15fa99de274ad4fded2f4efe3116c
Size: 187.43 kB
Asianux Server 4 for x86_64
- bind-9.8.2-0.62.4.0.1.rc1.AXS4.x86_64.rpm
MD5: 6b82c86f12f4ab0c96751b515b395cb4
SHA-256: 95c3775c51ad0e8fc796b4c53a1a1a5e0c7353b5810c2f974d86682c13751796
Size: 4.00 MB
- bind-chroot-9.8.2-0.62.4.0.1.rc1.AXS4.x86_64.rpm
MD5: 02c65287586e1879ac545fbd00e40da9
SHA-256: 7999574316d2727d232a71a070d21d9deddfc94917241a6bc2bf2f1a2f43b23f
Size: 76.64 kB
- bind-libs-9.8.2-0.62.4.0.1.rc1.AXS4.x86_64.rpm
MD5: 252afa14447fe6f15371ace0512bbef9
SHA-256: b23f8242a1efdaf1384d56bdf1e0c5fb01f848b168ea481c18afe3f48dafca95
Size: 890.95 kB
- bind-utils-9.8.2-0.62.4.0.1.rc1.AXS4.x86_64.rpm
MD5: 26dd188f694231bd3a7e37e27ab39f84
SHA-256: 4286cafcdfc4de12ecaf45c6104ef4432b929ead5e74c0674b6ae38adfc2d215
Size: 188.04 kB
- bind-libs-9.8.2-0.62.4.0.1.rc1.AXS4.i686.rpm
MD5: c4edc8038248e9eef241ceee4d5477e3
SHA-256: 2adb388e939075280b7ccb71e16ff0c806e295b3fe77c14a7a95b23ffdfcc3c2
Size: 903.03 kB