Message-ID: <20021219161740.A10061@sco.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)
To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)
Advisory number: CSSA-2002-059.0
Issue date: 2002 December 19
Cross reference:
______________________________________________________________________________
1. Problem Description
From CERT CA-2002-31:
Multiple vulnerabilities have been found in BIND (Berkeley
Internet Name Domain).
One of these vulnerabilities may allow remote attackers to
execute arbitrary code with the privileges of the user running
named, typically root.
Other vulnerabilities may allow remote attackers to disrupt
the normal operation of your name server, possibly causing a
crash.
A vulnerability in the DNS resolver library may allow remote
attackers to execute arbitrary code with the privileges of
applications that issue network name or address requests.
2. Vulnerable Supported Versions
System                          Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server          prior to bind-8.3.4-1.i386.rpm
                                prior to bind-doc-8.3.4-1.i386.rpm
                                prior to bind-utils-8.3.4-1.i386.rpm
OpenLinux 3.1.1 Workstation     prior to bind-8.3.4-1.i386.rpm
                                prior to bind-doc-8.3.4-1.i386.rpm
                                prior to bind-utils-8.3.4-1.i386.rpm
OpenLinux 3.1 Server            prior to bind-8.3.4-1.i386.rpm
                                prior to bind-doc-8.3.4-1.i386.rpm
                                prior to bind-utils-8.3.4-1.i386.rpm
OpenLinux 3.1 Workstation       prior to bind-8.3.4-1.i386.rpm
                                prior to bind-doc-8.3.4-1.i386.rpm
                                prior to bind-utils-8.3.4-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-059.0/RPMS
4.2 Packages
dbade93f9de80c9d05dafdb010c51f0f bind-8.3.4-1.i386.rpm
077c5888f3c3f3074bcb12c79c9c97ec bind-doc-8.3.4-1.i386.rpm
dfad9dd9bea8a88ba1958e68b6b255a7 bind-utils-8.3.4-1.i386.rpm
4.3 Installation
rpm -Fvh bind-8.3.4-1.i386.rpm
rpm -Fvh bind-doc-8.3.4-1.i386.rpm
rpm -Fvh bind-utils-8.3.4-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-059.0/SRPMS
4.5 Source Packages
73b4995cc2c66829aca6e2e181b1de2f bind-8.3.4-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-059.0/RPMS
5.2 Packages
0816f38b7ffacae029944eefae8a6fef bind-8.3.4-1.i386.rpm
0b514bae1d74d281969b55b9e84e9056 bind-doc-8.3.4-1.i386.rpm
328c16be821f03f048701072bea4c290 bind-utils-8.3.4-1.i386.rpm
5.3 Installation
rpm -Fvh bind-8.3.4-1.i386.rpm
rpm -Fvh bind-doc-8.3.4-1.i386.rpm
rpm -Fvh bind-utils-8.3.4-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-059.0/SRPMS
5.5 Source Packages
763945e1c5e05dfa2146f2acb6725556 bind-8.3.4-1.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-059.0/RPMS
6.2 Packages
89d9ba24ca8adcc2e6e791abea0f5df4 bind-8.3.4-1.i386.rpm
ba283adcfc05258e3721d0ca579f47b1 bind-doc-8.3.4-1.i386.rpm
82b68b5152da23bcc376ae2514a75f14 bind-utils-8.3.4-1.i386.rpm
6.3 Installation
rpm -Fvh bind-8.3.4-1.i386.rpm
rpm -Fvh bind-doc-8.3.4-1.i386.rpm
rpm -Fvh bind-utils-8.3.4-1.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-059.0/SRPMS
6.5 Source Packages
ddd2198ec937e0ba50313c595f08817b bind-8.3.4-1.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-059.0/RPMS
7.2 Packages
7c263440991263144153d218d458e7ff bind-8.3.4-1.i386.rpm
1d5a28636c90eea847fbad88d966ac6c bind-doc-8.3.4-1.i386.rpm
1543644de1b99e07aaa32b50342d8105 bind-utils-8.3.4-1.i386.rpm
7.3 Installation
rpm -Fvh bind-8.3.4-1.i386.rpm
rpm -Fvh bind-doc-8.3.4-1.i386.rpm
rpm -Fvh bind-utils-8.3.4-1.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-059.0/SRPMS
7.5 Source Packages
09918127df81de1874ec96628bf45695 bind-8.3.4-1.src.rpm
8. References
Specific references for this advisory:
http://www.cert.org/advisories/CA-2002-31.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr871561, fz526618,
erg712159.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
______________________________________________________________________________