bind-9.9.4-50.1.0.1.el7.AXS7
Errata ID: AXSA:2017-1732:04
Release date:
2017/07/06 Thursday - 14:40
Title:
bind-9.9.4-50.1.0.1.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
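The following issues have been addressed.
[Security Fix]
- An attacker who is able to send and receive messages to an authoritative DNS server and who knows a valid TSIG key name can circumvent TSIG authentication of AXFR requests by carefully constructing a request packet. (CVE-2017-3142)
- An attacker who is able to send and receive messages to an authoritative DNS server and who knows a valid TSIG key name for the targeted zone and service may be able to manipulate BIND. (CVE-2017-3143)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.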
CVE:
CVE-2017-3142
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Additional information:
N/A
Downloads:
SRPMS
- bind-9.9.4-50.1.0.1.el7.AXS7.src.rpm
MD5: 3950e34ed193c4b19fac53c09146a5bc
SHA-256: 6655dfc888e0b2e632773d7b83fd93bda0774591a2deef5a06a2207c8ee539b3
Size: 7.53 MB
Asianux Server 7 for x86_64
- bind-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: c2a8446a83f21576cb61a9b913b6c079
SHA-256: fa6ea6ae110c1dd4224623ecbbdcb90a86da49d9915b619e4d9a66ddb6365d58
Size: 1.78 MB
- bind-chroot-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: 21e9ee3817e1c391d271721a7792cc5b
SHA-256: 5d6d0f96d7cb83bcf0e6fc3d64fc8e36a432bca0a60ef27fdaa77264c637d36b
Size: 84.32 kB
- bind-libs-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: b963b6d1312c8e621fd29793d7731f06
SHA-256: cf7b7a43872f4fad00c965d75da718eeca96f7df898c3262d2102dcf09457aa2
Size: 1.00 MB
- bind-libs-lite-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: c8aca79830d785621bde78581b7c4766
SHA-256: 79a034eb3b5d481c3418967076f3db1536acf6d3bbfb36010946b0eb6710270e
Size: 729.27 kB
- bind-license-9.9.4-50.1.0.1.el7.AXS7.noarch.rpm
MD5: 7d5b3ee658177bcaa7c3d2534258f505
SHA-256: de8d26622583239687b510ed9f93563ad582ef15d1936ec36e602cbb5f16de0c
Size: 82.55 kB
- bind-pkcs11-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: 54c822a15354c155692ba421b7baa234
SHA-256: 4932149cfd1f5ae145553dd709836f2515798cd1240f2ab65a3178e4054e8d48
Size: 294.62 kB
- bind-pkcs11-libs-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: a1d23149ceb5e6e6295384d8dc3e1ca4
SHA-256: 44da271395f5d7961b0c83447120262b6ae091868f6697fad97d5d9b776ddd2c
Size: 1.14 MB
- bind-pkcs11-utils-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: 433809936397f6aecc110b833853b812
SHA-256: ea4e6e411e46b515724f3d7d880d53d46b1417517a55d39013ef8a9647cf4c80
Size: 195.79 kB
- bind-utils-9.9.4-50.1.0.1.el7.AXS7.x86_64.rpm
MD5: 61aefdfdc48adb2cb349497a4f0d401a
SHA-256: 29bb0f68a7e1ec5f84698cbe2ba2ff40ae3431ee06abe99201fa59e1d9174ae1
Size: 201.55 kB
- bind-libs-9.9.4-50.1.0.1.el7.AXS7.i686.rpm
MD5: 0c6a4b327326141fa76128df036ae0c7
SHA-256: f9b91cf244021b3da3a7686b01ac4f33009bd59e31132e719169344e6e295b28
Size: 0.98 MB
- bind-libs-lite-9.9.4-50.1.0.1.el7.AXS7.i686.rpm
MD5: 4b8fc9ecd550a39971bb24ca4b4005be
SHA-256: 62348f2fa9c23f7d89ee19715525cee4c3a81f10b4c77f2b7f2a9490ab4e956f
Size: 719.33 kB
- bind-pkcs11-libs-9.9.4-50.1.0.1.el7.AXS7.i686.rpm
MD5: 160166fccbf942cc6f76919280810fc0
SHA-256: 532c5a143f5639d3f276eb6d2db56a6830a987bc017e6cc8b9447eee306324ce
Size: 1.12 MB