USN-706-1: Bind vulnerability

01-08-2009

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-706-1: Bind vulnerability

Referenced CVEs:
CVE-2009-0025

Description:
===========================================================Ubuntu Security Notice USN-706-1 January 09, 2009bind9 vulnerabilityCVE-2009-0025===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.6Ubuntu 7.10: libdns32 1:9.4.1-P1-3ubuntu2.1Ubuntu 8.04 LTS: libdns35 1:9.4.2.dfsg.P2-2ubuntu0.1Ubuntu 8.10: libdns43 1:9.5.0.dfsg.P2-1ubuntu3.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that Bind did not properly perform certificate verification.When DNSSEC with DSA certificates are in use, a remote attacker could exploitthis to bypass certificate validation to spoof DNS entries and poison DNScaches. Among other things, this could lead to misdirected email and webtraffic.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LDAP_BIND(3) 1 LDAP_BIND(3) ldap_bind - Bind to LDAP directory SYNOPSIS
bool ldap_bind NULL NULL (resource $link_identifier, [string $bind_rdn], [string $bind_password]) DESCRIPTION
Binds to the LDAP directory with specified RDN and password. PARAMETERS
o $link_identifier - An LDAP link identifier, returned by ldap_connect(3). o $bind_rdn - o $bind_password - If $bind_rdn and $bind_password are not specified, an anonymous bind is attempted. RETURN VALUES
Returns TRUE on success or FALSE on failure. EXAMPLES
Example #1 Using LDAP Bind <?php // using ldap bind $ldaprdn = 'uname'; // ldap rdn or dn $ldappass = 'password'; // associated password // connect to ldap server $ldapconn = ldap_connect("ldap.example.com") or die("Could not connect to LDAP server."); if ($ldapconn) { // binding to ldap server $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass); // verify binding if ($ldapbind) { echo "LDAP bind successful..."; } else { echo "LDAP bind failed..."; } } ?> Example #2 Using LDAP Bind Anonymously <?php //using ldap bind anonymously // connect to ldap server $ldapconn = ldap_connect("ldap.example.com") or die("Could not connect to LDAP server."); if ($ldapconn) { // binding anonymously $ldapbind = ldap_bind($ldapconn); if ($ldapbind) { echo "LDAP bind anonymous successful..."; } else { echo "LDAP bind anonymous failed..."; } } ?> SEE ALSO
ldap_unbind(3). PHP Documentation Group LDAP_BIND(3)

Security Advisories (RSS)

USN-706-1: Bind vulnerability

LEARN ABOUT PHP

ldap_bind