USN-706-1 -- bind9 vulnerability
|ID: oval:org.secpod.oval:def:700459||Date: (C)2011-05-13 (M)2017-10-04|
|Class: PATCH||Family: unix|
It was discovered that Bind did not properly perform certificate verification. When DNSSEC with DSA certificates are in use, a remote attacker could exploit this to bypass certificate validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.