This is the Print View Page

« Back to Full View

Widespread Vulnerabilities in Programs Using OpenSSL, Bind Security Patch Released

Netcraft

New vulnerabilities have been discovered in multiple programs using OpenSSL, one of the standard cryptography libraries on Linux and Unix systems. Due to a common mistake in checking return values from functions checking digital signatures, several programs may be vulnerable to spoofing of digital signatures.

The most important affected program is ISC Bind, which is the most widely used DNS server on the internet. A flaw in its validation of signatures on DNSSEC replies means that the server may be vulnerable to DNS spoofing attacks even where DNSSEC is in use. ISC has released BIND 9.6.0-P1 to fix this bug.

Read full story: Netcraft

Related topics: DNS, DNSSEC, Security

Get our weekly report:

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
Print Comment

Comments

No comments have been posted yet.

Home  |  About CircleID  |  Media Coverage  |  CircleID Blog  |  Extras  |  Contact
Copyright © 2002-2012 CircleID. Iomemo, Inc. All rights reserved unless where otherwise noted.
Codes of Conduct  |  Terms of Use  |  Privacy Policy