ISC BIND Predictable DNS Query ID Vulnerability

Published: 2007-07-24
Updated: 2007-07-25

Affected systems:
ISC BIND < 9.4.1
Unaffected systems:
ISC BIND 9.4.1
Description:
BUGTRAQ  ID: 25037
CVE(CAN) ID: CVE-2007-2926

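ISC BIND is a very widely used implementation of the DNS protocol. It is maintained by ISC, with the actual development carried out by Nominum (www.nominum.com).

The implementation of the algorithm BIND 9 uses to generate transaction IDs is flawed, and a remote attacker may be able to exploit this to affect the DNS cache.

BIND 9 transaction IDs are not random: an attacker who observes only the last few ID values can predict the next one. To carry out the attack, the attacker sets up a domain with a specially crafted authoritative DNS server and then, by various means, forces the caching DNS server to send several DNS requests to that server, which lets the attacker collect some transaction ID values.

One of the attack techniques requires the last transaction ID to be even, which on average is the case for one in every 2 DNS queries. The attacker can then use a simple algorithm to compute 10 candidates for the next ID value, which greatly reduces the guessing space compared with 65,536 guesses.

If the query ID is guessed, the attacker can poison the DNS cache and go on to carry out man-in-the-middle attacks.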

<*Source: Amit Klein (Amit.Klein@SanctumInc.com)
  
  Links: http://secunia.com/advisories/26152/
        http://www.trusteer.com/docs/bind9dns.html
        http://www.isc.org/index.pl?/sw/bind/bind-security.php
        https://www.redhat.com/support/errata/RHSA-2007-0740.html
        http://www.debian.org/security/2007/dsa-1341
        http://www.debian.org/security/2007/dsa-1342
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103018-1
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:07.bind.asc
        http://r.your.hp.com/r/c/r?2.1.HX.2XR.1M92gO.CuyCVS..T.ErK6.27KY.DTeAEYF0
*>
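
The following is an added example, not part of the original advisory: a resolver-side check that flags DNS responses whose transaction ID matches no query in flight. The log format, the sample lines and all names are constructed assumptions; because the description above puts the attacker's guess list at 10 candidates, the alert threshold defaults to a single mismatch rather than a flood-sized count.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sensor log (not real traffic). Assumed line format:
#   <time> Q <server_ip> <txid_hex> <qname>   query sent by the caching resolver
#   <time> R <source_ip> <txid_hex> <qname>   response arriving at the resolver
SAMPLE_LOG = """\
0.000 Q 192.0.2.53 0x1a2c www.example.com
0.004 R 192.0.2.53 0x3458 www.example.com
0.004 R 192.0.2.53 0x68b0 www.example.com
0.005 R 192.0.2.53 0xd160 www.example.com
0.031 R 192.0.2.53 0x1a2c www.example.com
1.200 Q 198.51.100.7 0x77f1 mail.example.net
1.240 R 198.51.100.7 0x77f1 mail.example.net
2.500 R 192.0.2.53 0x0042 www.example.com
"""


@dataclass
class Finding:
    server: str
    qname: str
    mismatched_ids: list = field(default_factory=list)  # wrong ID, query in flight
    unsolicited: int = 0                                 # no query in flight at all


def parse_line(line):
    """Parse one log line into (time, kind, ip, txid, qname)."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("Q", "R"):
        raise ValueError(f"unrecognised log line: {line!r}")
    ts, kind, ip, txid_hex, qname = parts
    txid = int(txid_hex, 16)
    if not 0 <= txid <= 0xFFFF:
        raise ValueError(f"transaction ID out of 16-bit range: {txid_hex}")
    # DNS names are case-insensitive; drop a trailing root dot.
    return float(ts), kind, ip, txid, qname.lower().rstrip(".")


def detect(log_text, min_mismatches=1):
    """Return a Finding per (server, qname) with >= min_mismatches wrong-ID replies.

    With only 10 candidate IDs an attacker needs at most 10 forged replies,
    so a threshold tuned for floods of thousands of guesses never fires.
    """
    outstanding = defaultdict(set)   # (server, qname) -> transaction IDs in flight
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, kind, ip, txid, qname = parse_line(line)
        key = (ip, qname)
        if kind == "Q":
            outstanding[key].add(txid)
            continue
        in_flight = outstanding.get(key)
        if in_flight and txid in in_flight:
            in_flight.discard(txid)          # correct ID: the query is answered
            continue
        finding = findings.setdefault(key, Finding(ip, qname))
        if in_flight:
            finding.mismatched_ids.append(txid)
        else:
            finding.unsolicited += 1
    return [f for f in findings.values() if len(f.mismatched_ids) >= min_mismatches]


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        ids = ", ".join(f"0x{i:04x}" for i in f.mismatched_ids)
        print(f"{f.qname} via {f.server}: {len(f.mismatched_ids)} wrong-ID "
              f"replies ({ids}), {f.unsolicited} unsolicited")
```

The source address of a UDP response can be forged, so a finding identifies the query being targeted, not the sender of the forged replies.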

Test method:

Warning

The following programs (methods) may be offensive in nature and are provided for security research and teaching only. Use at your own risk!

http://www.trusteer.com/docs/bind9dns.html

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1342-2) and corresponding patches for this issue:
DSA-1342-2: New bind9 packages fix DNS cache poisoning
Link: http://www.debian.org/security/2007/dsa-1342

Patch downloads:

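Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade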

FreeBSD
-------
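FreeBSD has released a security advisory (FreeBSD-SA-07:07) and corresponding patches for this issue:
FreeBSD-SA-07:07: Predictable query ids in named(8)
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-07:07.bind.asc

Patch downloads:

Perform one of the following:

1) Upgrade the vulnerable system to 5-STABLE or 6-STABLE, or to the RELENG_6_2, RELENG_6_1 or RELENG_5_5 security branch dated after the correction date.

2) Patch the current system:

The following patches have been verified to apply to FreeBSD 5.5, 6.1 and 6.2 systems.

a) Download the relevant patch from the location below and verify the accompanying PGP signature with a PGP utility.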

# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch.asc

b) Run the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libarchive
# make obj && make depend && make && make install
# cd /usr/src/rescue
# make obj && make depend && make && make install

HP
--
HP has released a security advisory (HPSBUX02251) and corresponding patches for this issue:
HPSBUX02251: SSRT071449 rev.1 - HP-UX Running BIND, Remote DNS Cache Poisoning
Link: http://r.your.hp.com/r/c/r?2.1.HX.2XR.1M92gO.CuyCVS..T.ErK6.27KY.DTeAEYF0

ISC
---
The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:

http://www.isc.org/sw/dl?pkg=bind9/9.4.1-P1/bind-9.4.1-P1.tar.gz&name=BIND%209.4.1-P1%20Source

RedHat
------
RedHat has released a security advisory (RHSA-2007:0740-01) and corresponding patches for this issue:
RHSA-2007:0740-01: Moderate: bind security update
Link: https://www.redhat.com/support/errata/RHSA-2007-0740.html

Sun
---
Sun has released a security advisory (Sun-Alert-103018) and corresponding patches for this issue:
Sun-Alert-103018: Security Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning Attack
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103018-1

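This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.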