{"id":179,"date":"2015-07-29T09:14:49","date_gmt":"2015-07-29T14:14:49","guid":{"rendered":"https:\/\/10.252.76.154\/?p=179"},"modified":"2015-09-29T16:37:42","modified_gmt":"2015-09-29T21:37:42","slug":"csirt-panama-aviso-2015-07-vulnerabilidad-en-bind-cve-2015-5477","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=179","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2015-07- Vulnerabilidad en BIND (CVE-2015-5477)"},"content":{"rendered":"

CSIRT Panam\u00e1 Aviso 2015-07- Vulnerabilidad en BIND (CVE-2015-5477)
\nGravedad: Alta
\nFecha de publicaci\u00f3n: Julio 29, 2015
\nFecha de modificaci\u00f3n: Julio 29, 2015
\n\u00daltima revisi\u00f3n: Revisi\u00f3n A.
\nFuente: Avisos de Seguridad de ISC<\/p>\n

Sistemas Afectados<\/p>\n

Las siguientes versiones de BIND son afectadas por esta vulnerabilidad:
\n– 9.1.0 -> 9.8.x
\n– 9.9.0 -> 9.9.7-P1
\n– 9.10.0 -> 9.10.2-P2<\/p>\n

I. Descripci\u00f3n
\nLa organizaci\u00f3n ISC, (Internet Systems Consortium, por sus siglas en ingl\u00e9s) encargada de dar mantenimiento al software BIND; ha publicado una vulnerabilidad que afecta todas las versiones de BIND 9. Esta vulnerabilidad consiste en un error en el manejo de las consultas tipo TKEY; en donde un atacante podr\u00eda explotar como un vector de un ataque para realizar una negaci\u00f3n de servicio (DoS).
\nLos servidores recursivos y autoritativos son vulnerables a esta vulnerabilidad, adicionalmente cabe se\u00f1alar que las pol\u00edtcas de acceso u opciones de configuraci\u00f3n como el establecimiento de l\u00edmites de conexi\u00f3n no ayudan a prevenir esta vulnerabilidad. Se recomienda actualizar los mas pronto posible a la versi\u00f3n mas reciente de BIND.<\/p>\n

II. Impacto
\nComplejidad de acceso: Baja
\nAutenticaci\u00f3n: No requerida para explotarla
\nTipo de impacto: Compromiso total de la disponibilidad del sistema<\/p>\n

III. Referencia a soluciones, herramientas e informaci\u00f3n
\nhttps:\/\/kb.isc.org\/article\/AA-01272
\nhttps:\/\/security-tracker.debian.org\/tracker\/CVE-2015-5477
\nhttps:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2015-5477
\nhttp:\/\/www.isc.org\/downloads\/<\/p>\n

IV. Informaci\u00f3n de contacto
\nCSIRT PANAMA
\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental
\nE-Mail: info@cert.pa
\nWeb: https:\/\/www.cert.pa<\/p>\n

—–BEGIN PGP PUBLIC KEY BLOCK—–
\nVersion: GnuPG v2.0.17 (MingW32)<\/p>\n

mQENBE8C9KoBCAClkvrtdD08B1YgIntnK241GmWY7fRWtPn\/QIEG1+TLokEuOhw+
\nGq\/lK\/4NP9RzqpD57LcRUBiGgTmO\/5C9xkhVmxz2jid0h03fLorC84rAk2pOjr0i
\npbltETq9RCGhOWp13OV22x2yiIedBi05bzw3F+uLHhn9xKjmpBuZB6WO\/TuD52DH
\nKRZtwSvoaa61vL0bGnIf3lNGWkALWEC3lGBppby4D05N2FNfgfOFr1yOpxTaRaDh
\n4kOnoAEWVzppkTPyqSOkwXmgdma8D9yqD41Ffu8ypGTv+OOVO7jDq8tx9wVZEU+w
\npqBTzQcf0P0K7qO3igdHQxqHmqXsaJpbmvCBABEBAAG0KkNTSVJUIFBhbmFtYSAo
\nQ1NJUlQgUGFuYW1hKSA8aW5mb0BjZXJ0LnBhPokBOAQTAQIAIgUCTwL0qgIbDwYL
\nCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ2YlXchbysSSPSQgAooUy3qSR\/YX2
\nH3USJ5VzrmnraHg5LIWRPIBD1PGrswjLE8hxdobPU\/uzi9LWnEcDscfFVKM\/K0Jt
\nbjeoESqCVFlpE0YXJWdDhy0m2WM410sDE2HVXbPhWGqrNeDb0VUV\/LWag1yYTj5w
\nkkxma4Tk5TqlhgL5su2PpjtTdFSHYD4N+4mu7g1GhRrrpz+u7ZRm3b\/WkAJg5FIg
\nU0MpPqUGAF5\/pc02ZB10FdxDwWyXAkwYUN+zfLiKzKOrBGkEw9+jvFGU+z76P9Zk
\n1XJIexpmkBYTxc+TOclhAp\/3HP4taoBHRMoR1q1YhdC++UgRSLmPLGn\/AB707JzN
\nQ80++q2kWQ==
\n=JUYg
\n—–END PGP PUBLIC KEY BLOCK—–<\/p>\n","protected":false},"excerpt":{"rendered":"

CSIRT Panam\u00e1 Aviso 2015-07- Vulnerabilidad en BIND (CVE-2015-5477) Gravedad: Alta Fecha de publicaci\u00f3n: Julio 29, 2015 Fecha de modificaci\u00f3n: Julio 29, 2015 \u00daltima revisi\u00f3n: Revisi\u00f3n A. Fuente: Avisos de Seguridad de ISC Sistemas Afectados Las…<\/p>\n","protected":false},"author":4,"featured_media":295,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[8,25,26],"class_list":["post-179","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-avisos","tag-bind","tag-dns"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=179"}],"version-history":[{"count":2,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/179\/revisions"}],"predecessor-version":[{"id":327,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/179\/revisions\/327"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/295"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}