AusCERT - ESB-1999.173 -- RHSA-1999:054-01 -- Security problems in bind

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-1999.173 -- RHSA-1999:054-01 -- Security problems in bind
Date: 12 November 1999

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
              AUSCERT External Security Bulletin Redistribution
                             
                      ESB-1999.173 -- RHSA-1999:054-01
                          Security problems in bind
                              12 November 1999

===========================================================================

Red Hat Inc. has released the following advisory concerning several
vulnerabilities in the DNS server, bind, on all Red Hat 4.X, 5.X and 6.X
platforms.  Remote users may execute arbitrary code with the privilege of
the named daemon or impair normal operation of the daemon on systems with
vulnerable versions of bind.

Under certain circumstances these vulnerabilities may allow remote users
to gain root access or to perform Denial of Service (DoS) attacks against
vulnerable systems.

Please note that these vulnerabilities are the same as previously reported
in the CERT Advisory CA-99-14 "Multiple Vulnerabilities in BIND" which was
redistributed as AusCERT External Security Bulletin ESB-1999.170.

- --------------------------BEGIN INCLUDED TEXT--------------------

- ---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		Security problems in bind
Advisory ID:		RHSA-1999:054-01
Issue date:		1999-11-11
Updated on:		1999-11-11	
Keywords:		bind named NXT solinger fdmax
Cross references:	http://www.isc.org/products/BIND/bind-security-19991108.html
- ---------------------------------------------------------------------

1. Topic:

Several security vulnerabilities exist in the DNS server, 'bind'.

2. Relevant releases/architectures:

Red Hat Linux 4.x, all platforms
Red Hat Linux 5.x, all platforms
Red Hat Linux 6.x, all platforms

3. Problem description:

Various vulnerabilities exist in previous versions of
bind:

- - A bug in the processing of NXT records can theoretically allow
  a remote attacker to gain access to the DNS server as the
  user running bind (by default, root). This vulnerability
  does not affect the bind packages that shipped with
  Red Hat Linux 4.2 and Red Hat Linux 5.2.
- - Several remote denial-of-service attacks are possible; by
  using abnormal TCP options, causing the DNS server to use many
  file descriptors, or using special SIG records, it may be possible
  to crash the DNS server.

It is recommended that all users of bind upgrade to the latest
packages.

Thanks go to ISC for providing the updated packages.

4. Solution:

For each RPM for your particular architecture, run:
    rpm -Uvh <filename>
where filename is the name of the RPM.

5. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info):

6. Obsoleted by:

7. Conflicts with:

8. RPMs required:

Red Hat Linux 4.x:

Intel:
  ftp://updates.redhat.com/4.2/i386/bind-8.2.2_P3-0.4.2.i386.rpm
  ftp://updates.redhat.com/4.2/i386/bind-devel-8.2.2_P3-0.4.2.i386.rpm
  ftp://updates.redhat.com/4.2/i386/bind-utils-8.2.2_P3-0.4.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/4.2/alpha/bind-8.2.2_P3-0.4.2.alpha.rpm
  ftp://updates.redhat.com/4.2/alpha/bind-devel-8.2.2_P3-0.4.2.alpha.rpm
  ftp://updates.redhat.com/4.2/alpha/bind-utils-8.2.2_P3-0.4.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/4.2/sparc/bind-8.2.2_P3-0.4.2.sparc.rpm
  ftp://updates.redhat.com/4.2/sparc/bind-devel-8.2.2_P3-0.4.2.sparc.rpm
  ftp://updates.redhat.com/4.2/sparc/bind-utils-8.2.2_P3-0.4.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/4.2/SRPMS/bind-8.2.2_P3-0.4.2.src.rpm

Red Hat Linux 5.x:

Intel:
  ftp://updates.redhat.com/5.2/i386/bind-8.2.2_P3-0.5.2.i386.rpm
  ftp://updates.redhat.com/5.2/i386/bind-devel-8.2.2_P3-0.5.2.i386.rpm
  ftp://updates.redhat.com/5.2/i386/bind-utils-8.2.2_P3-0.5.2.i386.rpm

Alpha:
  ftp://updates.redhat.com/5.2/alpha/bind-8.2.2_P3-0.5.2.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/bind-devel-8.2.2_P3-0.5.2.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/bind-utils-8.2.2_P3-0.5.2.alpha.rpm

Sparc:
  ftp://updates.redhat.com/5.2/sparc/bind-8.2.2_P3-0.5.2.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/bind-devel-8.2.2_P3-0.5.2.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/bind-utils-8.2.2_P3-0.5.2.sparc.rpm

Source packages:
  ftp://updates.redhat.com/5.2/SRPMS/bind-8.2.2_P3-0.5.2.src.rpm

Red Hat Linux 6.x:

Intel:
  ftp://updates.redhat.com/6.1/i386/bind-8.2.2_P3-1.i386.rpm
  ftp://updates.redhat.com/6.1/i386/bind-devel-8.2.2_P3-1.i386.rpm
  ftp://updates.redhat.com/6.1/i386/bind-utils-8.2.2_P3-1.i386.rpm

Alpha:
  ftp://updates.redhat.com/6.0/alpha/bind-8.2.2_P3-1.alpha.rpm
  ftp://updates.redhat.com/6.0/alpha/bind-devel-8.2.2_P3-1.alpha.rpm
  ftp://updates.redhat.com/6.0/alpha/bind-utils-8.2.2_P3-1.alpha.rpm

Sparc:
  ftp://updates.redhat.com/6.0/sparc/bind-8.2.2_P3-1.sparc.rpm
  ftp://updates.redhat.com/6.0/sparc/bind-devel-8.2.2_P3-1.sparc.rpm
  ftp://updates.redhat.com/6.0/sparc/bind-utils-8.2.2_P3-1.sparc.rpm

Source packages:
  ftp://updates.redhat.com/6.1/SRPMS/bind-8.2.2_P3-1.src.rpm

9. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
85f36ee60d5399199afe7edf9ce18942  i386/bind-8.2.2_P3-0.4.2.i386.rpm
e98ff23ac5cdcd888043697f1db9e353  i386/bind-devel-8.2.2_P3-0.4.2.i386.rpm
287949831c6c61689a74b72e3e079c3b  i386/bind-utils-8.2.2_P3-0.4.2.i386.rpm
2b62c4d7e7dee54ecb91fff5297c47b1  alpha/bind-8.2.2_P3-0.4.2.alpha.rpm
06d0fdcca32569dbdb5d3002c253747a  alpha/bind-devel-8.2.2_P3-0.4.2.alpha.rpm
e49d10be181ad751924da9cc7c420b45  alpha/bind-utils-8.2.2_P3-0.4.2.alpha.rpm
71ae14362db69894d621bc1a83e1ce87  sparc/bind-8.2.2_P3-0.4.2.sparc.rpm
4c8d988b34242f92233a3aabe82c4849  sparc/bind-devel-8.2.2_P3-0.4.2.sparc.rpm
923af5f384cca91082d76acc29e622ec  sparc/bind-utils-8.2.2_P3-0.4.2.sparc.rpm
8be7216693b2bfff239731687c75c7e9  SRPMS/bind-8.2.2_P3-0.4.2.src.rpm

43958baf4d3cdd6ff9739af76ea49247  i386/bind-8.2.2_P3-0.5.2.i386.rpm
40f7819efa41df675337a762a2fa951d  i386/bind-devel-8.2.2_P3-0.5.2.i386.rpm
663b01244e07904cb20df7051a685c01  i386/bind-utils-8.2.2_P3-0.5.2.i386.rpm
ee8c6d9c6d58819846992346e0235b6a  alpha/bind-8.2.2_P3-0.5.2.alpha.rpm
ba02b045f964c9a58968ecf144480499  alpha/bind-devel-8.2.2_P3-0.5.2.alpha.rpm
4d411e79d11bee31d2ca8251dc2c26af  alpha/bind-utils-8.2.2_P3-0.5.2.alpha.rpm
78b95b741d02046796547f022e4673f1  sparc/bind-8.2.2_P3-0.5.2.sparc.rpm
400d7a123fbf03239eb8e928a90f0ae6  sparc/bind-devel-8.2.2_P3-0.5.2.sparc.rpm
b1209cdd8fa1fc5770bf66043c246706  sparc/bind-utils-8.2.2_P3-0.5.2.sparc.rpm
5a5e75d61ba6a8804864e4f00e327ec1  SRPMS/bind-8.2.2_P3-0.5.2.src.rpm

f0c2e341fe81310d3031be7e0d67225f  i386/bind-8.2.2_P3-1.i386.rpm
4f34e526ec52c94b9cd3411892f920df  i386/bind-devel-8.2.2_P3-1.i386.rpm
5cb10493b44f9fe2a9c6667ebe0a0a8f  i386/bind-utils-8.2.2_P3-1.i386.rpm
94e19627ae83388e7d4795f45676c4b6  alpha/bind-8.2.2_P3-1.alpha.rpm
06932040ed8b8ff5eb8edb09c069acf9  alpha/bind-devel-8.2.2_P3-1.alpha.rpm
de0fa8d33d877d2ed7f8d26949b4a937  alpha/bind-utils-8.2.2_P3-1.alpha.rpm
54b757c6e240d4c82ca740ac49eb3db7  sparc/bind-8.2.2_P3-1.sparc.rpm
8453658392c3b2a321f7647eb875d5d2  sparc/bind-devel-8.2.2_P3-1.sparc.rpm
9894188ea1e8a5f657f13d940091114d  sparc/bind-utils-8.2.2_P3-1.sparc.rpm
987d55828aab270e14777a034d029cea  SRPMS/bind-8.2.2_P3-1.src.rpm
 
These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html
 
You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

10. References:

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOEJrtyh9+71yA2DNAQELNQQAipcnzoOJURVONbGAWvJc9gpzEGKg4gnQ
NLvl5BfZuXBazJFoge+avkFp9wtIjb3o1OMn6ypEWjFFvcghO43K2Wj+aMtwsy+b
LeU1z73U9QQ8KJYhQqiPdqJFaXOvP+JZHD8eguXon2kIkEHAhCSIS1WmNO/aqdRB
2OZwJP3qLzo=
=fHQM
-----END PGP SIGNATURE-----