Advisories:rPSA-2009-0009

From rPath Wiki

rPath Security Advisory 2009-0009-1

Published: 2009-01-20

Products

• rPath Linux 1
• rPath Linux 2

Rating

Severe

Exposure Level Classification

Indirect Deterministic Vulnerability

Updated Versions

• bind=conary.rpath.com@rpl:1/9.3.4_P1-0.7-1
• bind=conary.rpath.com@rpl:2/9.4.2_P1-4.2-1
• bind-utils=conary.rpath.com@rpl:1/9.3.4_P1-0.7-1
• bind-utils=conary.rpath.com@rpl:2/9.4.2_P1-4.2-1

rPath Issue Tracking System

• RPL-2938

References

• CVE-2009-0025
• https://www.isc.org/node/373
• http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33

Description

Previous versions of BIND incorrectly interpret the return value of the

OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone

could present a malformed DSA certificate and bypass proper certificate

validation, allowing spoofing attacks.

rPath Linux does not ship with DNSSEC enabled, and therefore is not, by

default, vulnerable to this attack.

Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html