Message-ID: <20021114101829.05F3311D304@juggernaut.guardiandigital.com>
From: security at guardiandigital.com (EnGarde Secure Linux)
Subject: [ESA-20021114-029] BIND buffer overflow, DoS attacks.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory November 14, 2002 |
| http://www.engardelinux.org/ ESA-20021114-029 |
| |
| Packages: bind-chroot, bind-chroot-utils |
| Summary: buffer overflow, DoS attacks. |
+------------------------------------------------------------------------+
EnGarde Secure Linux is a secure distribution of Linux that features
improved access control, host and network intrusion detection, Web
based secure remote management, e-commerce, and integrated open source
security tools.
OVERVIEW
- --------
Several vulnerabilities were found in the BIND nameserver. The
vulnerabilities, discovered by ISS, range from buffer overflows to
denial of service (DoS) attacks.
The summaries below are from the ISS advisory which may be found at:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
* CAN-2002-1219 -- BIND SIG Cached RR Overflow Vulnerability
"A buffer overflow exists in BIND 4 and 8 that may lead to remote
compromise of vulnerable DNS servers. An attacker who controls any
authoritative DNS server may cause BIND to cache DNS information
within its internal database, if recursion is enabled. Recursion is
enabled by default unless explicitly disabled via command line
options or in the BIND configuration file. Attackers must either
create their own name server that is authoritative for any domain,
or compromise any other authoritative server with the same criteria.
Cached information is retrieved when requested by a DNS client. There
is a flaw in the formation of DNS responses containing SIG resource
records (RR) that can lead to buffer overflow and execution of
arbitrary code."
* CAN-2002-1220 -- BIND OPT DoS
"Recursive BIND 8 servers can be caused to abruptly terminate due to
an assertion failure. A client requesting a DNS lookup on a
nonexistent sub-domain of a valid domain name may cause BIND 8 to
terminate by attaching an OPT resource record with a large UDP
payload size. This DoS may also be triggered for queries on domains
whose authoritative DNS servers are unreachable."
* CAN-2002-1221 -- BIND SIG Expiry Time DoS
"Recursive BIND 8 servers can be caused to abruptly terminate due to a
null pointer dereference. An attacker who controls any authoritative
name server may cause vulnerable BIND 8 servers to attempt to cache
SIG RR elements with invalid expiry times. These are removed from the
BIND internal database, but later improperly referenced, leading to a
DoS condition."
All users should upgrade as soon as possible.
SOLUTION
- --------
Users of the EnGarde Professional edition can use the Guardian Digital
Secure Network to update their systems automatically.
EnGarde Community users should upgrade to the most recent version
as outlined in this advisory. Updates may be obtained from:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/
Before upgrading the package, the machine must either:
a) be booted into a "standard" kernel; or
b) have LIDS disabled.
To disable LIDS, execute the command:
# /sbin/lidsadm -S -- -LIDS_GLOBAL
To install the updated package, execute the command:
# rpm -Uvh files
You must now update the LIDS configuration by executing the command:
# /usr/sbin/config_lids.pl
To re-enable LIDS (if it was disabled), execute the command:
# /sbin/lidsadm -S -- +LIDS_GLOBAL
To verify the signatures of the updated packages, execute the command:
# rpm -Kv files
UPDATED PACKAGES
- ----------------
These updated packages are for EnGarde Secure Linux Community
Edition.
Source Packages:
SRPMS/bind-chroot-8.2.6-1.0.29.src.rpm
MD5 Sum: 3c845d09bcbe9b07e5395d75a8686689
Binary Packages:
i386/bind-chroot-8.2.6-1.0.29.i386.rpm
MD5 Sum: 0c1daf47be94ae0fd5a29e4007bf68c2
i386/bind-chroot-utils-8.2.6-1.0.29.i386.rpm
MD5 Sum: 58e0e54d895b8dc3c6f6b5e9228912fb
i686/bind-chroot-8.2.6-1.0.29.i686.rpm
MD5 Sum: 84cb58f02d228859a2fbda3ed1b46dd5
i686/bind-chroot-utils-8.2.6-1.0.29.i686.rpm
MD5 Sum: 20fb3e4a34cecb431511308afe027941
REFERENCES
- ----------
Guardian Digital's public key:
http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
BIND's Official Web Site:
http://www.isc.org/products/BIND/
Security Contact: security@...rdiandigital.com
EnGarde Advisories: http://www.engardelinux.org/advisories.html
- --------------------------------------------------------------------------
$Id: ESA-20021114-029-bind-chroot,v 1.4 2002/11/14 10:02:51 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@...rdiandigital.com>
Copyright 2002, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE903h0HD5cqd57fu0RAgQ2AJ4h+6JBMcFRlC3vKwfRi7dnMRE69ACbBQoO
jReNCYKqxnuwuvOLsRqhznY=
=9v8+
-----END PGP SIGNATURE-----