wstuermer
Active Member
Parallels Plesk Panel
BIND has announced a vulnerability that can result in a denial of service (server crash) caused by receipt of a specific remote dynamic update message.
Please be aware that this vulnerability will affect all servers that have BIND 9.7.1 or 9.7.2 installed. Parallels Plesk Panel 9.5 for Windows and Parallels Plesk Panel 10 for Windows ship with this version of BIND and these servers should be upgraded to BIND 9.7.3 immediately.
The vulnerability is described as follows:
https://www.isc.org/software/bind/advisories/cve-2009-0696
"Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.
This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround."
For how to upgrade BIND on Plesk Windows, see http://kb.parallels.com/5542
We will be providing upgraded versions as a patch and then again in our next major release. We will provide a further update on timing after we have fully scoped the effort.
Be sure to review all of your deployment policies as they relate to all servers with these versions of BIND.
Thanks,
Parallels Plesk Panel Team
©1999-2010 Parallels. Virtualization and Automation Software. All Rights Reserved.
This message was intended for: x@xxx.de. You were added to the system October 26, 2009.
Parallels, Inc.
500 SW 39th St, Suite 200
Renton, WA 98057