Message-ID: <20021114101829.05F3311D304@juggernaut.guardiandigital.com>
From: security at guardiandigital.com (EnGarde Secure Linux)
Subject: [ESA-20021114-029] BIND buffer overflow, DoS attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory               November 14, 2002 |
| http://www.engardelinux.org/                          ESA-20021114-029 |
|                                                                        |
| Packages: bind-chroot, bind-chroot-utils                               |
| Summary:  buffer overflow, DoS attacks.                                |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, e-commerce, and integrated open source
  security tools.

OVERVIEW
- --------
  Several vulnerabilities were found in the BIND nameserver.  The
  vulnerabilities, discovered by ISS, range from buffer overflows to
  denial of service (DoS) attacks.

  The summaries below are from the ISS advisory which may be found at:

    http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

  * CAN-2002-1219 -- BIND SIG Cached RR Overflow Vulnerability

    "A buffer overflow exists in BIND 4 and 8 that may lead to remote
     compromise of vulnerable DNS servers. An attacker who controls any
     authoritative DNS server may cause BIND to cache DNS information
     within its internal database, if recursion is enabled. Recursion is
     enabled by default unless explicitly disabled via command line
     options or in the BIND configuration file. Attackers must either
     create their own name server that is authoritative for any domain,
     or compromise any other authoritative server with the same criteria.
     Cached information is retrieved when requested by a DNS client. There
     is a flaw in the formation of DNS responses containing SIG resource
     records (RR) that can lead to buffer overflow and execution of
     arbitrary code."

  * CAN-2002-1220 -- BIND OPT DoS

    "Recursive BIND 8 servers can be caused to abruptly terminate due to
     an assertion failure. A client requesting a DNS lookup on a
     nonexistent sub-domain of a valid domain name may cause BIND 8 to
     terminate by attaching an OPT resource record with a large UDP
     payload size. This DoS may also be triggered for queries on domains
     whose authoritative DNS servers are unreachable."

  * CAN-2002-1221 -- BIND SIG Expiry Time DoS

    "Recursive BIND 8 servers can be caused to abruptly terminate due to a
     null pointer dereference. An attacker who controls any authoritative
     name server may cause vulnerable BIND 8 servers to attempt to cache
     SIG RR elements with invalid expiry times. These are removed from the
     BIND internal database, but later improperly referenced, leading to a
     DoS condition."

  All users should upgrade as soon as possible.

SOLUTION
- --------
  Users of the EnGarde Professional edition can use the Guardian Digital
  Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
  as outlined in this advisory.  Updates may be obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh files

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv files

UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux Community
  Edition.

  Source Packages:

    SRPMS/bind-chroot-8.2.6-1.0.29.src.rpm
      MD5 Sum: 3c845d09bcbe9b07e5395d75a8686689

  Binary Packages:

    i386/bind-chroot-8.2.6-1.0.29.i386.rpm
      MD5 Sum: 0c1daf47be94ae0fd5a29e4007bf68c2

    i386/bind-chroot-utils-8.2.6-1.0.29.i386.rpm
      MD5 Sum: 58e0e54d895b8dc3c6f6b5e9228912fb

    i686/bind-chroot-8.2.6-1.0.29.i686.rpm
      MD5 Sum: 84cb58f02d228859a2fbda3ed1b46dd5

    i686/bind-chroot-utils-8.2.6-1.0.29.i686.rpm
      MD5 Sum: 20fb3e4a34cecb431511308afe027941
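
Added example (not part of the EnGarde advisory): a shell helper that reads the package path / "MD5 Sum:" pairs in the layout used above and checks downloaded files against them. The function names and the idea of saving the advisory text to a file are assumptions of this example; the comparison is only as trustworthy as the advisory copy, so check its PGP signature first and still run `rpm -Kv` on the packages.

```shell
#!/bin/sh
# Added example: compare downloaded RPMs with the "MD5 Sum:" entries of an
# advisory laid out like the UPDATED PACKAGES section (hypothetical helper).

# parse_manifest ADVISORY_FILE
# Prints "<md5>  <basename>" for every package path that is followed by a
# well-formed MD5 Sum line (32 hex digits).
parse_manifest() {
    awk '
        NF == 1 && $1 ~ /\.rpm$/ { n = split($1, p, "/"); pkg = p[n]; next }
        /MD5 Sum:/ && pkg != "" {
            sum = tolower($NF)
            if (length(sum) == 32 && sum ~ /^[0-9a-f]+$/) print sum "  " pkg
            pkg = ""
        }
    ' "$1"
}

# verify_packages ADVISORY_FILE DIR
# Returns 0 only if every listed package is present in DIR and matches its
# sum, 1 on any missing or mismatching file, 2 if no entries were parsed.
verify_packages() {
    advisory=$1 dir=$2 status=0
    manifest=$(parse_manifest "$advisory")
    [ -n "$manifest" ] || { echo "no package entries found" >&2; return 2; }
    while read -r want name; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; status=1; continue
        fi
        have=$(md5sum "$dir/$name" | awk '{print $1}')
        if [ "$have" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; status=1
        fi
    done <<EOF
$manifest
EOF
    return $status
}

# Stand-alone use: sh verify.sh advisory.txt /path/to/downloaded/rpms
if [ "$#" -eq 2 ]; then
    verify_packages "$1" "$2"
fi
```

A package that is listed but absent from the directory is reported as MISSING and fails the run, so an incomplete download is not mistaken for a clean one.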

REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  BIND's Official Web Site:
    http://www.isc.org/products/BIND/

  Security Contact:   security@...rdiandigital.com
  EnGarde Advisories: http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20021114-029-bind-chroot,v 1.4 2002/11/14 10:02:51 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@...rdiandigital.com>
Copyright 2002, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE903h0HD5cqd57fu0RAgQ2AJ4h+6JBMcFRlC3vKwfRi7dnMRE69ACbBQoO
jReNCYKqxnuwuvOLsRqhznY=
=9v8+
-----END PGP SIGNATURE-----
