漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
Security Fix(es): A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142 , CVE-2017-3143 )
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Please refer to Amazon advisory ALAS-2017-858 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on i686)
ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on x86_64)
ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on src)
0daybank
文章评论