ALAS-2017-858 ---- bindID: oval:org.secpod.oval:def:1600736 | Date: (C)2017-07-26 (M)2023-12-20 |
Class: PATCH | Family: unix |
Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request. A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet
Platform: |
Amazon Linux AMI |