Mandriva Linux Security Advisory : bind (MDVSA-2009:037)
Medium Nessus Plugin ID 36346
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
In this particular case, the DSA_verify function was fixed with MDVSA-2009:002; this update, however, addresses the RSA_verify function (CVE-2009-0265).
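The return-value mistake described above, as an added illustration (not code from BIND, OpenSSL or the advisory): EVP_VerifyFinal is documented to return 1 for a valid signature, 0 for an invalid one and -1 for an error, so a caller that only tests for 0 accepts the error case. `toy_verify`, `accept_flawed`, `accept_strict` and the sample byte arrays are constructed stand-ins that perform no real cryptography.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state verify call (not OpenSSL itself):
 *   1 = signature valid, 0 = signature invalid,
 *  -1 = error, e.g. the signature blob could not be processed at all. */
static int toy_verify(const unsigned char *sig, size_t siglen,
                      const unsigned char *expected, size_t explen)
{
    if (sig == NULL || siglen != explen)
        return -1;                 /* malformed input: an error, not "invalid" */
    return memcmp(sig, expected, explen) == 0 ? 1 : 0;
}

/* Flawed caller: only 0 counts as failure, so -1 falls through as success. */
int accept_flawed(const unsigned char *sig, size_t siglen,
                  const unsigned char *expected, size_t explen)
{
    int rc = toy_verify(sig, siglen, expected, explen);
    if (rc == 0)
        return 0;                  /* rejected */
    return 1;                      /* accepted, including when rc == -1 */
}

/* Corrected caller: anything other than exactly 1 is a verification failure. */
int accept_strict(const unsigned char *sig, size_t siglen,
                  const unsigned char *expected, size_t explen)
{
    return toy_verify(sig, siglen, expected, explen) == 1;
}

/* Constructed sample data, labelled as such. */
static const unsigned char GOOD[4]      = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char WRONG[4]     = {0xde, 0xad, 0xbe, 0x00};
static const unsigned char MALFORMED[2] = {0xde, 0xad};

int main(void)
{
    printf("case       flawed strict\n");
    printf("valid      %d      %d\n", accept_flawed(GOOD, 4, GOOD, 4),
           accept_strict(GOOD, 4, GOOD, 4));
    printf("invalid    %d      %d\n", accept_flawed(WRONG, 4, GOOD, 4),
           accept_strict(WRONG, 4, GOOD, 4));
    printf("malformed  %d      %d\n", accept_flawed(MALFORMED, 2, GOOD, 4),
           accept_strict(MALFORMED, 2, GOOD, 4));
    return 0;
}
```

When auditing other callers of tri-state verify functions, the pattern to look for is a comparison against 0 or a bare truthiness test instead of an explicit comparison with 1.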
Solution
Update the affected packages.