4482223 1999-11-12 19:50 /180 rader/ Postmaster
Mottagare: Bugtraq (import) <8493>
Ärende: [RHSA-1999:054-01] Security problems in bind
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mail-Followup-To: redhat-watch-list@redhat.com, linux-security@redhat.com
bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <19991111153515.A16501@bobby.devel.redhat.com>
Date: Thu, 11 Nov 1999 15:35:15 -0500
Reply-To: Bill Nottingham <notting@REDHAT.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Bill Nottingham <notting@REDHAT.COM>
X-To: redhat-watch-list@redhat.com
X-cc: linux-security@redhat.com, bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Security problems in bind
Advisory ID: RHSA-1999:054-01
Issue date: 1999-11-11
Updated on: 1999-11-11
Keywords: bind named NXT solinger fdmax
Cross references: http://www.isc.org/products/BIND/bind-security-19991108.html
---------------------------------------------------------------------
1. Topic:
Several security vulnerabilities exist in the DNS server, 'bind'.
2. Relevant releases/architectures:
Red Hat Linux 4.x, all platforms
Red Hat Linux 5.x, all platforms
Red Hat Linux 6.x, all platforms
3. Problem description:
Various vulnerabilities exist in previous versions of
bind:
- A bug in the processing of NXT records can theoretically allow
a remote attacker to gain access to the DNS server as the
user running bind (by default, root). This vulnerability
does not affect the bind packages that shipped with
Red Hat Linux 4.2 and Red Hat Linux 5.2.
- Several remote denial-of-service attacks are possible; by
using abnormal TCP options, causing the DNS server to use many
file descriptors, or using special SIG records, it may be possible
to crash the DNS server.
It is recommended that all users of bind upgrade to the latest
packages.
Thanks go to ISC for providing the updated packages.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Uvh <filename>
where filename is the name of the RPM.
5. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):
6. Obsoleted by:
7. Conflicts with:
8. RPMs required:
Red Hat Linux 4.x:
Intel:
ftp://updates.redhat.com/4.2/i386/bind-8.2.2_P3-0.4.2.i386.rpm
ftp://updates.redhat.com/4.2/i386/bind-devel-8.2.2_P3-0.4.2.i386.rpm
ftp://updates.redhat.com/4.2/i386/bind-utils-8.2.2_P3-0.4.2.i386.rpm
Alpha:
ftp://updates.redhat.com/4.2/alpha/bind-8.2.2_P3-0.4.2.alpha.rpm
ftp://updates.redhat.com/4.2/alpha/bind-devel-8.2.2_P3-0.4.2.alpha.rpm
ftp://updates.redhat.com/4.2/alpha/bind-utils-8.2.2_P3-0.4.2.alpha.rpm
Sparc:
ftp://updates.redhat.com/4.2/sparc/bind-8.2.2_P3-0.4.2.sparc.rpm
ftp://updates.redhat.com/4.2/sparc/bind-devel-8.2.2_P3-0.4.2.sparc.rpm
ftp://updates.redhat.com/4.2/sparc/bind-utils-8.2.2_P3-0.4.2.sparc.rpm
Source packages:
ftp://updates.redhat.com/4.2/SRPMS/bind-8.2.2_P3-0.4.2.src.rpm
Red Hat Linux 5.x:
Intel:
ftp://updates.redhat.com/5.2/i386/bind-8.2.2_P3-0.5.2.i386.rpm
ftp://updates.redhat.com/5.2/i386/bind-devel-8.2.2_P3-0.5.2.i386.rpm
ftp://updates.redhat.com/5.2/i386/bind-utils-8.2.2_P3-0.5.2.i386.rpm
Alpha:
ftp://updates.redhat.com/5.2/alpha/bind-8.2.2_P3-0.5.2.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/bind-devel-8.2.2_P3-0.5.2.alpha.rpm
ftp://updates.redhat.com/5.2/alpha/bind-utils-8.2.2_P3-0.5.2.alpha.rpm
Sparc:
ftp://updates.redhat.com/5.2/sparc/bind-8.2.2_P3-0.5.2.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/bind-devel-8.2.2_P3-0.5.2.sparc.rpm
ftp://updates.redhat.com/5.2/sparc/bind-utils-8.2.2_P3-0.5.2.sparc.rpm
Source packages:
ftp://updates.redhat.com/5.2/SRPMS/bind-8.2.2_P3-0.5.2.src.rpm
Red Hat Linux 6.x:
Intel:
ftp://updates.redhat.com/6.1/i386/bind-8.2.2_P3-1.i386.rpm
ftp://updates.redhat.com/6.1/i386/bind-devel-8.2.2_P3-1.i386.rpm
ftp://updates.redhat.com/6.1/i386/bind-utils-8.2.2_P3-1.i386.rpm
Alpha:
ftp://updates.redhat.com/6.0/alpha/bind-8.2.2_P3-1.alpha.rpm
ftp://updates.redhat.com/6.0/alpha/bind-devel-8.2.2_P3-1.alpha.rpm
ftp://updates.redhat.com/6.0/alpha/bind-utils-8.2.2_P3-1.alpha.rpm
Sparc:
ftp://updates.redhat.com/6.0/sparc/bind-8.2.2_P3-1.sparc.rpm
ftp://updates.redhat.com/6.0/sparc/bind-devel-8.2.2_P3-1.sparc.rpm
ftp://updates.redhat.com/6.0/sparc/bind-utils-8.2.2_P3-1.sparc.rpm
Source packages:
ftp://updates.redhat.com/6.1/SRPMS/bind-8.2.2_P3-1.src.rpm
9. Verification:
MD5 sum Package Name
--------------------------------------------------------------------------
85f36ee60d5399199afe7edf9ce18942 i386/bind-8.2.2_P3-0.4.2.i386.rpm
e98ff23ac5cdcd888043697f1db9e353 i386/bind-devel-8.2.2_P3-0.4.2.i386.rpm
287949831c6c61689a74b72e3e079c3b i386/bind-utils-8.2.2_P3-0.4.2.i386.rpm
2b62c4d7e7dee54ecb91fff5297c47b1 alpha/bind-8.2.2_P3-0.4.2.alpha.rpm
06d0fdcca32569dbdb5d3002c253747a alpha/bind-devel-8.2.2_P3-0.4.2.alpha.rpm
e49d10be181ad751924da9cc7c420b45 alpha/bind-utils-8.2.2_P3-0.4.2.alpha.rpm
71ae14362db69894d621bc1a83e1ce87 sparc/bind-8.2.2_P3-0.4.2.sparc.rpm
4c8d988b34242f92233a3aabe82c4849 sparc/bind-devel-8.2.2_P3-0.4.2.sparc.rpm
923af5f384cca91082d76acc29e622ec sparc/bind-utils-8.2.2_P3-0.4.2.sparc.rpm
8be7216693b2bfff239731687c75c7e9 SRPMS/bind-8.2.2_P3-0.4.2.src.rpm
43958baf4d3cdd6ff9739af76ea49247 i386/bind-8.2.2_P3-0.5.2.i386.rpm
40f7819efa41df675337a762a2fa951d
i386/bind-devel-8.2.2_P3-0.5.2.i386.rpm
663b01244e07904cb20df7051a685c01
i386/bind-utils-8.2.2_P3-0.5.2.i386.rpm
ee8c6d9c6d58819846992346e0235b6a alpha/bind-8.2.2_P3-0.5.2.alpha.rpm
ba02b045f964c9a58968ecf144480499
alpha/bind-devel-8.2.2_P3-0.5.2.alpha.rpm
4d411e79d11bee31d2ca8251dc2c26af
alpha/bind-utils-8.2.2_P3-0.5.2.alpha.rpm
78b95b741d02046796547f022e4673f1 sparc/bind-8.2.2_P3-0.5.2.sparc.rpm
400d7a123fbf03239eb8e928a90f0ae6
sparc/bind-devel-8.2.2_P3-0.5.2.sparc.rpm
b1209cdd8fa1fc5770bf66043c246706
sparc/bind-utils-8.2.2_P3-0.5.2.sparc.rpm
5a5e75d61ba6a8804864e4f00e327ec1 SRPMS/bind-8.2.2_P3-0.5.2.src.rpm
f0c2e341fe81310d3031be7e0d67225f i386/bind-8.2.2_P3-1.i386.rpm
4f34e526ec52c94b9cd3411892f920df i386/bind-devel-8.2.2_P3-1.i386.rpm
5cb10493b44f9fe2a9c6667ebe0a0a8f i386/bind-utils-8.2.2_P3-1.i386.rpm
94e19627ae83388e7d4795f45676c4b6 alpha/bind-8.2.2_P3-1.alpha.rpm
06932040ed8b8ff5eb8edb09c069acf9
alpha/bind-devel-8.2.2_P3-1.alpha.rpm
de0fa8d33d877d2ed7f8d26949b4a937
alpha/bind-utils-8.2.2_P3-1.alpha.rpm
54b757c6e240d4c82ca740ac49eb3db7 sparc/bind-8.2.2_P3-1.sparc.rpm
8453658392c3b2a321f7647eb875d5d2
sparc/bind-devel-8.2.2_P3-1.sparc.rpm
9894188ea1e8a5f657f13d940091114d
sparc/bind-utils-8.2.2_P3-1.sparc.rpm
987d55828aab270e14777a034d029cea SRPMS/bind-8.2.2_P3-1.src.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
10. References:
(4482223) ------------------------------------------(Ombruten)
4482302 1999-11-12 20:34 /38 rader/ Postmaster
Mottagare: Bugtraq (import) <8499>
Ärende: Re: [RHSA-1999:054-01] Security problems in bind
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Sender: jhardin@gypsy.rubyriver.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.10.9911111336510.24861-100000@gypsy.rubyriver.com>
Date: Thu, 11 Nov 1999 13:39:06 -0800
Reply-To: "John D. Hardin" <jhardin@WOLFENET.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: "John D. Hardin" <jhardin@WOLFENET.COM>
X-To: redhat-watch-list@redhat.com
X-cc: linux-security@redhat.com, bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991111153515.A16501@bobby.devel.redhat.com>
On Thu, 11 Nov 1999, Bill Nottingham wrote:
{massive snippage}
> ftp://.../bind-8.2.2_P3-0.4.2.i386.rpm
-------------------------^^
There was mention on Bugtraq that patch 3 broke zone transfers and
that patch 4 should be used instead. Will we see that release shortly?
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin@wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Monty Python's Star Trek Voyager:
A successful trans-warp experiment turns Paris and Janeway into
newts, but they get better.
...wait a minute... It's already been done...
-----------------------------------------------------------------------
6 days until Leonid meteor shower
(4482302) ------------------------------------------
4484644 1999-11-14 04:05 /38 rader/ Postmaster
Mottagare: Bugtraq (import) <8510>
Ärende: Re: [RHSA-1999:054-01] Security problems in bind
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
Mail-Followup-To: "John D. Hardin" <jhardin@WOLFENET.COM>
BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <19991113083612.D5578@vr.net>
Date: Sat, 13 Nov 1999 08:36:13 -0500
Reply-To: Gregory A Lundberg <lundberg@VR.NET>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Gregory A Lundberg <lundberg@VR.NET>
X-To: "John D. Hardin" <jhardin@WOLFENET.COM>
X-cc: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.9911111336510.24861-100000@gypsy.rubyriver.com>
from John D. Hardin on Thu, Nov 11, 1999 at 01:39:06PM -0800
On Thu, Nov 11, 1999 at 01:39:06PM -0800, John D. Hardin wrote:
> On Thu, 11 Nov 1999, Bill Nottingham wrote:
>
> > ftp://.../bind-8.2.2_P3-0.4.2.i386.rpm
> -------------------------^^
>
> There was mention on Bugtraq that patch 3 broke zone transfers and
> that patch 4 should be used instead. Will we see that release shortly?
It's been up on the ISC FTP server for several days.
The patch for named-xfer is named 'patch4' but if negltected to bump the
version number. So, unless you do it yourself, you'll still show as P3.
--
Gregory A Lundberg Senior Partner, VRnet Company
1441 Elmdale Drive lundberg@vr.net
Kettering, OH 45409-1615 USA 1-800-809-2195
(4484644) ------------------------------------------