Trustix Information for VU#229595

Overly large OPT record assertion



Vendor Statement

Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0076

Package name:      bind
Summary:           Remote exploit
Date:              2002-11-15
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------
Package description:
 BIND (Berkeley Internet Name Domain) is an implementation of the DNS
 (Domain Name System) protocols. BIND includes a DNS server (named),
 which resolves host names to IP addresses, and a resolver library
 (routines for applications to use when interfacing with DNS).

Problem description:
 ISS X-Force has found a number of problems in all BIND 8 series up to
 and including 8.2.6 and 8.3.3.  Two of these can cause BIND to crash
 causing a denial of service attack, whereas the last can be used to
 execute arbitary code on the victim.

 We recommend that all systems with this package installed be upgraded.
 Please note that if you do not need the functionality provided by this
 package, you may want to remove it from your system.

 All TSL updates are available from

About Trustix Secure Linux:
 Trustix Secure Linux is a small Linux distribution for servers. With focus on
 security and stability, the system is painlessly kept safe and up to date
 from day one using swup, the automated software updater.

Automatic updates:
 Users of the SWUP tool can enjoy having updates automatically
 installed using 'swup --upgrade'.

  Get SWUP from:

Public testing:
 These packages have been available for public testing for some time.
 If you want to contribute by testing the various packages in the
 testing tree, please feel free to share your findings on the
 tsl-discuss mailinglist.
 The testing tree is located at

 Check out our mailing lists:

 This advisory along with all TSL packages are signed with the TSL sign key.
 This key is available from:

  The advisory itself is available from the errata pages at
 <URI:> and
 or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
7ca823f5bdcda62354971ba527659f8f  ./1.1/RPMS/bind-8.2.6-2tr.i586.rpm
97e22862a18c94181f004b2961474a61  ./1.1/RPMS/bind-devel-8.2.6-2tr.i586.rpm
1b3924c34061398f64906a41bc4e103e  ./1.1/RPMS/bind-utils-8.2.6-2tr.i586.rpm
9b353d2f2beef989a4d34fa9fd04cc30  ./1.1/SRPMS/bind-8.2.6-2tr.src.rpm
979d763efbec95a6104b8df307a52ab2  ./1.2/RPMS/bind-8.2.6-2tr.i586.rpm
a219f2f92ea9f4cccb74c4ac9fcc8f69  ./1.2/RPMS/bind-devel-8.2.6-2tr.i586.rpm
cc97ab8e12caaff576063d150d7216e7  ./1.2/RPMS/bind-utils-8.2.6-2tr.i586.rpm
9b353d2f2beef989a4d34fa9fd04cc30  ./1.2/SRPMS/bind-8.2.6-2tr.src.rpm
aa38424ba1671b811aec3265e3764390  ./1.5/RPMS/bind-8.2.6-2tr.i586.rpm
74a18eed135150b64f62fb398d823175  ./1.5/RPMS/bind-devel-8.2.6-2tr.i586.rpm
74b1f15664668fcfa0da9b52f55d7745  ./1.5/RPMS/bind-utils-8.2.6-2tr.i586.rpm
9b353d2f2beef989a4d34fa9fd04cc30  ./1.5/SRPMS/bind-8.2.6-2tr.src.rpm
- --------------------------------------------------------------------------

Trustix Security Team

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see


Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.