Message-ID: <20030910151805.A27317@caldera.com>
Date: Wed, 10 Sep 2003 15:18:05 -0700
From: security@....com
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com,
   announce@...ts.caldera.com
Subject: [UPDATED] OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple Remote Vulnerabilities in BIND




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple Remote Vulnerabilities in BIND
Advisory number: 	CSSA-2003-SCO.17.1
Issue date: 		2003 September 10
Cross reference:	sr871560 fz526617 erg712158
______________________________________________________________________________


1. Problem Description

	ISS X-Force has discovered several serious vulnerabilities
	in the Berkeley Internet Name Domain Server (BIND). BIND
	is the most common implementation of the DNS (Domain Name
	Service) protocol, which is used on the vast majority of
	DNS servers on the Internet. DNS is a vital Internet protocol
	that maintains a database of easy-to-remember domain names
	(host names) and their corresponding numerical IP addresses.

	Impact: The vulnerabilities described in this advisory
	affect nearly all currently deployed recursive DNS servers
	on the Internet. The DNS network is considered a critical
	component of Internet infrastructure. There is no information
	implying that these exploits are known to the computer
	underground, and there are no reports of active attacks.
	If exploits for these vulnerabilities are developed and
	made public, they may lead to compromise and DoS attacks
	against vulnerable DNS servers. Since the vulnerability is
	widespread, an Internet worm may be developed to propagate
	by exploiting the flaws in BIND. Widespread attacks against
	the DNS system may lead to general instability and inaccuracy
	of DNS data. 

	Affected Versions: 

	BIND SIG Cached RR Overflow Vulnerability 
		BIND 8, versions up to and including 8.3.3-REL
		BIND 4, versions up to and including 4.9.10-REL 

	BIND OPT DoS 
		BIND 8, versions 8.3.0 up to and including 8.3.3-REL

	BIND SIG Expiry Time DoS 
		BIND 8, versions up to and including 8.3.3-REL 
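
	Added example (not part of the SCO advisory): a POSIX shell triage
	helper that maps a BIND version string to the CAN names this advisory
	assigns to the three issues, using the ranges listed above. The function
	names are hypothetical, and it assumes suffixes such as -REL can be
	ignored so that only the numeric version is compared.

```sh
#!/bin/sh
# Added example, not SCO or ISC code. Function names are hypothetical.

# ver_le A B C X Y Z: succeed if version A.B.C <= X.Y.Z (numeric compare).
ver_le() {
    if [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]; return; fi
    [ "$3" -le "$6" ]
}

# bind_exposure VERSION: print the advisory's CAN names that list VERSION
# as affected, "none-listed" if no range matches, "unparsed" on bad input.
bind_exposure() {
    v=${1%%-*}                      # assumption: drop "-REL" style suffixes
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unparsed"; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    maj=$1 min=${2:-0} pat=${3:-0}
    hits=""
    if [ "$maj" -eq 8 ] && ver_le "$maj" "$min" "$pat" 8 3 3; then
        # SIG cached RR overflow and SIG expiry DoS: all BIND 8 <= 8.3.3
        hits="CAN-2002-1219 CAN-2002-1221"
        # OPT DoS: only 8.3.0 through 8.3.3
        if ver_le 8 3 0 "$maj" "$min" "$pat"; then
            hits="CAN-2002-1219 CAN-2002-1220 CAN-2002-1221"
        fi
    elif [ "$maj" -eq 4 ] && ver_le "$maj" "$min" "$pat" 4 9 10; then
        # BIND 4 is listed only for the SIG cached RR overflow
        hits="CAN-2002-1219"
    fi
    echo "${hits:-none-listed}"
}

# Stand-alone use: sh triage.sh 8.3.3-REL
if [ $# -eq 1 ]; then
    bind_exposure "$1"
fi
```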

	Description: 

	BIND SIG Cached RR Overflow Vulnerability

	A buffer overflow exists in BIND 4 and 8 that may lead to
	remote compromise of vulnerable DNS servers. An attacker
	who controls any authoritative DNS server may cause BIND
	to cache DNS information within its internal database, if
	recursion is enabled. Recursion is enabled by default unless
	explicitly disabled via command line options or in the BIND
	configuration file. Attackers must either create their own
	name server that is authoritative for any domain, or
	compromise any other authoritative server with the same
	criteria. Cached information is retrieved when requested
	by a DNS client. There is a flaw in the formation of DNS
	responses containing SIG resource records (RR) that can
	lead to buffer overflow and execution of arbitrary code.

	BIND OPT DoS 

	Recursive BIND 8 servers can be caused to abruptly terminate
	due to an assertion failure. A client requesting a DNS lookup
	on a nonexistent subdomain of a valid domain name may cause
	BIND 8 to terminate by attaching an OPT resource record with
	a large UDP payload size. This DoS may also be triggered for
	queries on domains whose authoritative DNS servers are
	unreachable.

	BIND SIG Expiry Time DoS 

	Recursive BIND 8 servers can be caused to abruptly
	terminate due to a null pointer dereference. An attacker
	who controls any authoritative name server may cause
	vulnerable BIND 8 servers to attempt to cache SIG RR elements
	with invalid expiry times. These are removed from the BIND
	internal database, but later improperly referenced, leading
	to a DoS condition. 

	The Common Vulnerabilities and Exposures
	(CVE) project has assigned the following names to these
	issues. These are candidates for inclusion in the CVE list
	(http://cve.mitre.org), which standardizes names for security
	problems. 

	CAN-2002-1219 BIND SIG Cached RR Overflow Vulnerability 
	CAN-2002-1220 BIND OPT DoS 
	CAN-2002-1221 BIND SIG Expiry Time DoS 

	ISC BIND
	http://www.isc.org/products/BIND


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	OpenServer 5.0.7 	
				etc/named
				etc/named-xfer
				etc/dig
				etc/host
				etc/nsupdate
				etc/dnsquery
				etc/addr

	OpenServer 5.0.6 
				etc/named
				etc/named-xfer
				etc/dig
				etc/host
				etc/nsupdate
				etc/dnsquery
				etc/addr

	OpenServer 5.0.5 	
				etc/named
				etc/named-xfer
				etc/dig
				etc/host
				etc/nsupdate
				etc/dnsquery
				etc/addr


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.7

	4.1 Install Maintenance pack 1.

	4.2 Location of Maintenance pack 1.

	ftp://ftp.sco.com/pub/openserver5/osr507mp/

	4.3 Installing Maintenance pack 1.

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


5. OpenServer 5.0.6

	5.1 First install oss646b - Execution Environment Supplement

	5.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.17


	5.3 Verification

	MD5 (VOL.000.000) = 9e8b7bd8eab2ec474b51add1217a945f

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.


6. OpenServer 5.0.5

	6.1 First install oss646b - Execution Environment Supplement

	6.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.17


	6.3 Verification

	MD5 (VOL.000.000) = 9e8b7bd8eab2ec474b51add1217a945f

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	6.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.

8. References

	Specific references for this advisory:
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219 
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220 
		http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221 
		http://www.isc.org/products/BIND/bind-security.html 
		http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr871560 fz526617 erg712158.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


10. Acknowledgments

	These vulnerabilities were discovered and researched by
	Neel Mehta of the ISS X-Force.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/X5OnaqoBO7ipriERAluRAJ0eDTa5L/x17if4aVNDXyxBO3SJ2QCcCE/6
b6VVwa/XrxyqWUfn4Jc3MZs=
=qgGb
-----END PGP SIGNATURE-----
