SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Firewall)  >   McAfee Firewall Enterprise Vendors:   McAfee
(McAfee Issues Fix for McAfee Firewall Enterprise (Sidewinder)) ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
SecurityTracker Alert ID:  1027368
SecurityTracker URL:  http://securitytracker.com/id/1027368
CVE Reference:   CVE-2012-1033   (Links to External Site)
Date:  Aug 13 2012
Impact:   Modification of system information
Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in BIND. A remote user can cause revoked domain names to remain resolvable. McAfee Firewall Enterprise (Sidewinder) is affected.

A remote user can exploit a flaw in the DNS cache update policy to cause a revoked domain name to remain as resolvable after the domain name has been deleted from the domain registry and after the associated TTL has expired.

The original advisory was presented at NDSS 2012 ("Ghost Domain Names: Revoked Yet Still Resolvable").

Jian Jiang, Jinjin Liang, Kang Li, Jun Li, Haixin Duan, and Jianping Wu reported this vulnerability.

Impact:   A remote user can cause revoked domain names to remain resolvable.
Solution:   McAfee has issued a fix (hotfix 70103H04) for McAfee Firewall Enterprise (Sidewinder).

The McAfee advisory is available at:

https://kc.mcafee.com/corporate/index?page=content&id=SB10032

Vendor URL:  www.isc.org/software/bind/advisories/cve-2012-1033 (Links to External Site)
Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Feb 8 2012 ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC