Bugtraq mailing list archives

Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)


From: security () caldera com
Date: Thu, 19 Dec 2002 16:17:40 -0800

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)
Advisory number:        CSSA-2002-059.0
Issue date:             2002 December 19
Cross reference:
______________________________________________________________________________


1. Problem Description

        From CERT CA-2002-31:

        Multiple vulnerabilities have been found in BIND (Berkeley
        Internet Name Domain).

        One of these vulnerabilities may allow remote attackers to
        execute arbitrary code with the privileges of the user running
        named, typically root.

        Other vulnerabilities may allow remote attackers to disrupt
        the normal operation of your name server, possibly causing a
        crash.

        A vulnerability in the DNS resolver library may allow remote
        attackers to execute arbitrary code with the privileges of
        applications that issue network name or address requests.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm

        OpenLinux 3.1 Server            prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm

        OpenLinux 3.1 Workstation       prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-059.0/RPMS

        4.2 Packages

        dbade93f9de80c9d05dafdb010c51f0f        bind-8.3.4-1.i386.rpm
        077c5888f3c3f3074bcb12c79c9c97ec        bind-doc-8.3.4-1.i386.rpm
        dfad9dd9bea8a88ba1958e68b6b255a7        bind-utils-8.3.4-1.i386.rpm

        4.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-059.0/SRPMS

        4.5 Source Packages

        73b4995cc2c66829aca6e2e181b1de2f        bind-8.3.4-1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-059.0/RPMS

        5.2 Packages

        0816f38b7ffacae029944eefae8a6fef        bind-8.3.4-1.i386.rpm
        0b514bae1d74d281969b55b9e84e9056        bind-doc-8.3.4-1.i386.rpm
        328c16be821f03f048701072bea4c290        bind-utils-8.3.4-1.i386.rpm

        5.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-059.0/SRPMS

        5.5 Source Packages

        763945e1c5e05dfa2146f2acb6725556        bind-8.3.4-1.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-059.0/RPMS

        6.2 Packages

        89d9ba24ca8adcc2e6e791abea0f5df4        bind-8.3.4-1.i386.rpm
        ba283adcfc05258e3721d0ca579f47b1        bind-doc-8.3.4-1.i386.rpm
        82b68b5152da23bcc376ae2514a75f14        bind-utils-8.3.4-1.i386.rpm

        6.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-059.0/SRPMS

        6.5 Source Packages

        ddd2198ec937e0ba50313c595f08817b        bind-8.3.4-1.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-059.0/RPMS

        7.2 Packages

        7c263440991263144153d218d458e7ff        bind-8.3.4-1.i386.rpm
        1d5a28636c90eea847fbad88d966ac6c        bind-doc-8.3.4-1.i386.rpm
        1543644de1b99e07aaa32b50342d8105        bind-utils-8.3.4-1.i386.rpm

        7.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-059.0/SRPMS

        7.5 Source Packages

        09918127df81de1874ec96628bf45695        bind-8.3.4-1.src.rpm
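
Added example (not part of the SCO advisory): one way to check downloaded packages against the MD5 values listed in sections 4 through 7 before running the rpm -Fvh commands. The function names, the list-file layout (the advisory's "<md5>  <filename>" lines pasted into a file) and the use of md5sum are assumptions of this example.

```shell
#!/bin/sh
# Added example. verify_advisory_md5 LIST DIR
# LIST: lines in the advisory's "<md5>  <filename>" layout (indentation ok).
# Returns 0 only if every listed file is present in DIR with a matching MD5.
verify_advisory_md5() {
    list=$1; dir=$2; rc=0; seen=0
    while read -r want name rest; do
        [ -n "$want" ] || continue                  # skip blank lines
        seen=$((seen + 1))
        case "$want" in *[!0-9a-f]*) want= ;; esac  # digest must be lowercase hex
        case "$name" in ''|*/*) want= ;; esac       # bare file names only
        if [ "${#want}" -ne 32 ]; then
            echo "MALFORMED line $seen"; rc=1; continue
        fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; rc=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; rc=1
        fi
    done < "$list"
    [ "$seen" -gt 0 ] || rc=1                       # an empty list verifies nothing
    return "$rc"
}

# Demo on a constructed stand-in file (not the real RPM): the matching file
# passes, and the same file after modification is rejected.
demo_constructed() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed stand-in payload\n' > "$tmp/bind-8.3.4-1.i386.rpm"
    sum=$(md5sum < "$tmp/bind-8.3.4-1.i386.rpm" | cut -d' ' -f1)
    printf '        %s        bind-8.3.4-1.i386.rpm\n' "$sum" > "$tmp/list"
    verify_advisory_md5 "$tmp/list" "$tmp" || { rm -rf "$tmp"; return 1; }
    printf 'tampered\n' >> "$tmp/bind-8.3.4-1.i386.rpm"
    if verify_advisory_md5 "$tmp/list" "$tmp"; then res=1; else res=0; fi
    rm -rf "$tmp"
    return "$res"
}

# Typical use (packages.md5 is a hypothetical file holding one section's lines):
#   verify_advisory_md5 packages.md5 . && rpm -Fvh bind-8.3.4-1.i386.rpm
```

Each platform section lists different digests for the same file names, so the list must come from the section matching the installed system. A match only ties the file to the digest printed in the advisory, so it is as trustworthy as the copy of the advisory the digests were taken from.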


8. References

        Specific references for this advisory:

                http://www.cert.org/advisories/CA-2002-31.html
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr871561, fz526618,
        erg712159.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

______________________________________________________________________________
