Apple Computer Inc. Information for VU#734644
ISC BIND 8 vulnerable to cache poisoning via negative responses
- Vendor Information Help Date Notified: 21 Oct 2003
- Statement Date:
- Date Updated: 11 Dec 2003
Mac OS X 10.3 and later: Not Vulnerable. Mac OS X 10.3 uses a later version of BIND that does not have this vulnerability.
Mac OS X 10.2.x: Recommend upgrading to Mac OS X 10.2.8, then installing BIND 8.4.3 as follows:
First install the Developer Tools if they are not already present, then perform the following steps from the command-line in an application such as Terminal:
1. Download BIND version 8.4.3 by executing the following command:
curl -O ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz
2. Verify the integrity of this file by typing:
which should indicate "3224691664 1438439 bind-src.tar.gz"
3. Unpack the distribution as follows:
tar xvzf bind-src.tar.gz
4. Now you're ready to start building the distribution.
cd to the src/ directory and type "make"
5. The next step will install the new named daemon:
sudo cp bin/named/named /usr/sbin/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.