Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)
From: security () caldera com
Date: Thu, 19 Dec 2002 16:17:40 -0800

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)
Advisory number:        CSSA-2002-059.0
Issue date:             2002 December 19
Cross reference:
______________________________________________________________________________


1. Problem Description

        From CERT CA-2002-31:

        Multiple vulnerabilities have been found in BIND (Berkeley
        Internet Name Domain).

        One of these vulnerabilities may allow remote attackers to
        execute arbitrary code with the privileges of the user running
        named, typically root.

        Other vulnerabilities may allow remote attackers to disrupt
        the normal operation of your name server, possibly causing a
        crash.

        A vulnerability in the DNS resolver library may allow remote
        attackers to execute arbitrary code with the privileges of
        applications that issue network name or address requests.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm

        OpenLinux 3.1 Server            prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm

        OpenLinux 3.1 Workstation       prior to bind-8.3.4-1.i386.rpm
                                        prior to bind-doc-8.3.4-1.i386.rpm
                                        prior to bind-utils-8.3.4-1.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-059.0/RPMS

        4.2 Packages

        dbade93f9de80c9d05dafdb010c51f0f        bind-8.3.4-1.i386.rpm
        077c5888f3c3f3074bcb12c79c9c97ec        bind-doc-8.3.4-1.i386.rpm
        dfad9dd9bea8a88ba1958e68b6b255a7        bind-utils-8.3.4-1.i386.rpm

        4.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-059.0/SRPMS

        4.5 Source Packages

        73b4995cc2c66829aca6e2e181b1de2f        bind-8.3.4-1.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-059.0/RPMS

        5.2 Packages

        0816f38b7ffacae029944eefae8a6fef        bind-8.3.4-1.i386.rpm
        0b514bae1d74d281969b55b9e84e9056        bind-doc-8.3.4-1.i386.rpm
        328c16be821f03f048701072bea4c290        bind-utils-8.3.4-1.i386.rpm

        5.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-059.0/SRPMS

        5.5 Source Packages

        763945e1c5e05dfa2146f2acb6725556        bind-8.3.4-1.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-059.0/RPMS

        6.2 Packages

        89d9ba24ca8adcc2e6e791abea0f5df4        bind-8.3.4-1.i386.rpm
        ba283adcfc05258e3721d0ca579f47b1        bind-doc-8.3.4-1.i386.rpm
        82b68b5152da23bcc376ae2514a75f14        bind-utils-8.3.4-1.i386.rpm

        6.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-059.0/SRPMS

        6.5 Source Packages

        ddd2198ec937e0ba50313c595f08817b        bind-8.3.4-1.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-059.0/RPMS

        7.2 Packages

        7c263440991263144153d218d458e7ff        bind-8.3.4-1.i386.rpm
        1d5a28636c90eea847fbad88d966ac6c        bind-doc-8.3.4-1.i386.rpm
        1543644de1b99e07aaa32b50342d8105        bind-utils-8.3.4-1.i386.rpm

        7.3 Installation

        rpm -Fvh bind-8.3.4-1.i386.rpm
        rpm -Fvh bind-doc-8.3.4-1.i386.rpm
        rpm -Fvh bind-utils-8.3.4-1.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-059.0/SRPMS

        7.5 Source Packages

        09918127df81de1874ec96628bf45695        bind-8.3.4-1.src.rpm


8. References

        Specific references for this advisory:

                http://www.cert.org/advisories/CA-2002-31.html
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr871561, fz526618,
        erg712159.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31) security (Dec 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]