Apple Computer Inc. Information for VU#457875
Various DNS service implementations generate multiple simultaneous queries for the same resource record
Affected Systems: Mac OS X and Mac OS X Server.
This is fixed in Security Update 2002-11-21.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Security Update 2002-11-21 is now available. It contains BIND version
to address multiple potential vulnerabilities.
CVE IDs: CAN-2002-1219, CAN-2002-1220, CAN-2002-1221, CAN-2002-0029
Description: Several of these vulnerabilities may allow remote
to execute arbitrary code with elevated privileges. The other
could allow remote attackers to disrupt the normal operation of DNS
running on servers.
Further information is available at:
Affected systems: Systems that have enabled BIND and are using
BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3.
Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac
OS X Server
System requirements: Mac OS X 10.2.2
If BIND is enabled on Mac OS X systems prior to 10.2.2, the
is to either upgrade to Mac OS X 10.2 Jaguar then apply this Security
or to update BIND to version 8.3.4 from the ISC site at:
Security Update 2002-11-21 may be obtained from:
* Software Update pane in System Preferences (for 10.2.2 or later)
* Apple's Software Downloads web site:
To help verify the integrity of Security Update 2002-11-21 from the
Software Downloads web site, the download file is titled:
Its SHA-1 digest is: 9137fc5c1b8922475939ec93ab638494ff6e69be
Information will also be posted to the Apple Support website:
This message is signed with Apple's Product Security PGP key, and
details are available at:
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
-----END PGP SIGNATURE-----
If you have feedback, comments, or additional information about this vulnerability, please send us email.