Sun Information for VU#572183
| Date Notified | 01/03/2001 |
| Date Modified | 05/01/2002 03:11:27 PM |
| Status Summary | Vulnerable |
Vendor Statement
CERT Advisory CA-2001-02 describes four vulnerabilities in certain
versions of BIND. The four vulnerabilities are listed below along with
the affected versions of Solaris and the version of BIND shipped with each
version of Solaris.
VU#196945 - ISC BIND 8 contains buffer overflow in transaction signature (TSIG)
handling code
Solaris 8 04/01* (BIND 8.2.2-p5)
Solaris 8 Maintenance Update 4* (BIND 8.2.2-p5)
VU#572183 - ISC BIND 4 contains buffer overflow in nslookupComplain()
Solaris 2.6 (BIND 4.9.4-P1)
Solaris 2.5.1** (BIND 4.9.3)
VU#868916 - ISC BIND 4 contains input validation error in nslookupComplain()
Solaris 2.6 (BIND 4.9.4-P1)
Solaris 2.5.1** (BIND 4.9.3)
VU#325431 - Queries to ISC BIND servers may disclose environment variables
Solaris 2.4, 2.5 (BIND 4.8.3)
Solaris 2.5.1** (BIND 4.9.3 and BIND 4.8.3)
Solaris 2.6 (BIND 4.9.4-P1)
Solaris 7 and 8 (BIND 8.1.2)
* To determine if one is running Solaris 8 04/01 or Solaris 8 Maintenance
Update 4, check the contents of the /etc/release file.
** Solaris 2.5.1 ships with BIND 4.8.3, but patch 103663-01 for SPARC and
103664-01 for x86 upgrades BIND to 4.9.3; the current revision for each
patch is -17.
List of Patches
The following patches are available in relation to the above problems.
OS Version Patch ID
__________ _________
SunOS 5.8 109326-04
SunOS 5.8_x86 109327-04
SunOS 5.7 107018-03
SunOS 5.7_x86 107019-03
SunOS 5.6 105755-10
SunOS 5.6_x86 105756-10
SunOS 5.5.1 103663-16
SunOS 5.5.1_x86 103664-16
SunOS 5.5 103667-12
SunOS 5.5_x86 103668-12
SunOS 5.4 102479-14
SunOS 5.4_x86 102480-12
US-CERT Addendum
For the full text of Sun Microsystems Security Bulletin #204, please visit
This document has been archived here
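
A patch-level check built from the patch list above, as an added example that is not part of Sun's statement or the CERT note. It assumes `uname -p` reports `sparc` or `i386` and that `showrev -p` lines begin with `Patch: <id>-<rev>`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. Patch IDs are copied from the patch list on this page.
# Function names are hypothetical. Assumes a POSIX awk (nawk or
# /usr/xpg4/bin/awk on older Solaris releases).

# required_patch RELEASE ARCH: minimum patch for `uname -r` / `uname -p`.
required_patch() {
    case "$1/$2" in
        5.8/sparc)   echo 109326-04 ;;  5.8/i386)   echo 109327-04 ;;
        5.7/sparc)   echo 107018-03 ;;  5.7/i386)   echo 107019-03 ;;
        5.6/sparc)   echo 105755-10 ;;  5.6/i386)   echo 105756-10 ;;
        5.5.1/sparc) echo 103663-16 ;;  5.5.1/i386) echo 103664-16 ;;
        5.5/sparc)   echo 103667-12 ;;  5.5/i386)   echo 103668-12 ;;
        5.4/sparc)   echo 102479-14 ;;  5.4/i386)   echo 102480-12 ;;
        *) return 1 ;;
    esac
}

# installed_rev BASE: read `showrev -p` output on stdin and print the
# highest installed revision of patch BASE as a plain number (or nothing).
installed_rev() {
    awk -v base="$1" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && (!found || p[2] + 0 > max)) { max = p[2] + 0; found = 1 }
        }
        END { if (found) print max }'
}

# audit RELEASE ARCH: read `showrev -p` output on stdin, print a verdict.
audit() {
    need=$(required_patch "$1" "$2") || { echo UNLISTED; return 0; }
    base=${need%-*}
    min=${need#*-}; min=${min#0}          # strip leading zero: "04" -> "4"
    have=$(installed_rev "$base")
    if [ -n "$have" ] && [ "$have" -ge "$min" ]; then
        printf 'PATCHED %s-%02d\n' "$base" "$have"
    else
        echo "VULNERABLE need $need"
    fi
}

# Constructed sample of `showrev -p` output (not taken from a real host).
SAMPLE='Patch: 109326-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 108528-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr'
printf '%s\n' "$SAMPLE" | audit 5.8 sparc
# On a live host: showrev -p | audit "$(uname -r)" "$(uname -p)"
```

The check only matches the patch ID itself, so a fix delivered through a different patch that lists this one under `Obsoletes:` is not counted.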
