3Com Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Adns Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Aladdin Knowledge Systems Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Alcatel Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apache Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apache-SSL Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Apple Computer Inc. Affected

Notified:  November 12, 2002 Updated: December 03, 2002

Status

Affected

Vendor Statement

Affected Systems: Mac OS X and Mac OS X Server with BIND versions 8.1, 8.2 to 8.2.6, and 8.3.0 to 8.3.3

Mitigating Factors: BIND is not enabled by default on Mac OS X or Mac OS X Server

This is addressed in Security Update 2002-11-21
http://www.apple.com/support/security/security_updates.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

AT&T Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Avaya Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BlueCat Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BSDI Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Check Point Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cistron Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Command Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Compaq Computer Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Computer Associates Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Conectiva Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Affected

Vendor Statement

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : bind
SUMMARY : Remote vulnerabilities in the BIND DNS server
DATE : 2002-11-14 15:36:00
ID : CLA-2002:546
RELEVANT RELEASES : 6.0

DESCRIPTION

"bind" is probably the most used DNS server on the internet.

ISS reported[7] buffer overflow and denial of service vulnerabilities in some versions of the BIND software. The most dangerous one, the buffer overflow, could be used by a remote attacker to execute arbitrary code on the server with the privileges of the user running the "named" process.

The vulnerabilities explained below affect BIND as shipped with Conectiva Linux 6.0. Conectiva Linux 7.0 and 8 already ship BIND 9.x, which is not vulnerable to the problems reported by ISS.

1) Buffer overflow (CAN-2002-1219) [5]

An attacker who can make a vulnerable BIND server make recursive queries to a domain that he (the attacker) controls can exploit this vulnerability and execute arbitrary code on the server with the same privileges as the "named" process.

The BIND packages in Conectiva Linux run the "named" process with an unprivileged user, and not root, which mitigates the impact of this vulnerability somewhat, requiring that the attacker take further steps to obtain root access. Additionally, there is the bind-chroot package which, if used, runs the server in a chroot area under /var/named which imposes an additional restriction on the actions a potential intruder can take.

2) Denial of service (CAN-2002-1221) [6]

The BIND server can be triggered into attempting a NULL pointer dereference which will terminate the service. This can be caused by a remote attacker who controls a DNS server authoritative for some domain queried by the vulnerable BIND server.

The packages available through this advisory were built with patches that were made publicly available[3] by ISC less than 24 hours ago.

Conectiva Linux and the majority of other GNU/Linux distributions were notified about this vulnerability (but with not enough details to produce a patch) about 12 hours before ISS made it public[7]. We are worried about the way in which this whole incident has been handled, specially when considering that DNS is part of the internet infrastructure and thus a vital service.

We, and many vendors, do believe in what is commonly called "responsible full disclosure"[8], where all details about a vulnerability are made public after all vendors were notified in advance and have had a reasonable amount of time to prepare and test updated packages. We believe this to be the most secure and responsible method for disclosing vulnerabilities.

SOLUTION

All BIND users should upgrade immediately. After the upgrade, the named service will be automatically restarted if needed.

If it is not possible to upgrade the packages immediately, users should disable recursive queries or restrict them. Disabling recursive queries can be done by the "recursion no;" parameter in the options section of the named.conf configuration file. Restricting access to such queries can be accomplished via the "allow-recursion" directive in the same configuration file.

REFERENCES

1. http://www.isc.org/
2. http://www.cert.org/advisories/CA-2002-31.html
3. http://www.isc.org/products/BIND/patches/bind826.diff
4. http://www.isc.org/products/BIND/bind-security.html
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
7. https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
8. http://distro.conectiva.com.br/seguranca/problemas/?idioma=en

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/bind-8.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/bind-chroot-8.2.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-chroot-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-devel-static-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-doc-8.2.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/bind-utils-8.2.6-1U60_2cl.i386.rpm

ADDITIONAL INSTRUCTIONS

Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages:

- add the following line to /etc/apt/sources.list if it is not there yet (you may also use linuxconf to do this):

  rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

  (replace 6.0 with the correct version number if you are not running CL6.0)

- run: apt-get update

- after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en

Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en

subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Covalent Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Inc. Not Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Not Affected

Vendor Statement

Cray Inc. is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

CyberSoft Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data Fellows Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Data General Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Debian Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.debian.org/security/2002/dsa-196.

D-Link Systems Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Engarde Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Affected

Vendor Statement

EnGarde Secure Linux Security Advisory
November 14, 2002
http://www.engardelinux.org/
ESA-20021114-029

Packages: bind-chroot, bind-chroot-utils
Summary: buffer overflow, DoS attacks.

EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, e-commerce, and integrated open source security tools.

OVERVIEW

Several vulnerabilities were found in the BIND nameserver. The vulnerabilities, discovered by ISS, range from buffer overflows to denial of service (DoS) attacks.

The summaries below are from the ISS advisory which may be found at: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

* CAN-2002-1219 -- BIND SIG Cached RR Overflow Vulnerability

"A buffer overflow exists in BIND 4 and 8 that may lead to remote compromise of vulnerable DNS servers. An attacker who controls any authoritative DNS server may cause BIND to cache DNS information within its internal database, if recursion is enabled. Recursion is enabled by default unless explicitly disabled via command line options or in the BIND configuration file. Attackers must either create their own name server that is authoritative for any domain, or compromise any other authoritative server with the same criteria. Cached information is retrieved when requested by a DNS client. There is a flaw in the formation of DNS responses containing SIG resource records (RR) that can lead to buffer overflow and execution of arbitrary code."

* CAN-2002-1220 -- BIND OPT DoS

"Recursive BIND 8 servers can be caused to abruptly terminate due to an assertion failure. A client requesting a DNS lookup on a nonexistent sub-domain of a valid domain name may cause BIND 8 to terminate by attaching an OPT resource record with a large UDP payload size. This DoS may also be triggered for queries on domains whose authoritative DNS servers are unreachable."

* CAN-2002-1221 -- BIND SIG Expiry Time DoS

"Recursive BIND 8 servers can be caused to abruptly terminate due to a null pointer dereference. An attacker who controls any authoritative name server may cause vulnerable BIND 8 servers to attempt to cache SIG RR elements with invalid expiry times. These are removed from the BIND internal database, but later improperly referenced, leading to a DoS condition."

All users should upgrade as soon as possible.

SOLUTION

Users of the EnGarde Professional edition can use the Guardian Digital Secure Network to update their systems automatically.

EnGarde Community users should upgrade to the most recent version as outlined in this advisory. Updates may be obtained from:

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
http://ftp.engardelinux.org/pub/engarde/stable/updates/

Before upgrading the package, the machine must either:

a) be booted into a "standard" kernel; or
b) have LIDS disabled.

To disable LIDS, execute the command:

  # /sbin/lidsadm -S -- -LIDS_GLOBAL

To install the updated package, execute the command:

  # rpm -Uvh files

You must now update the LIDS configuration by executing the command:

  # /usr/sbin/config_lids.pl

To re-enable LIDS (if it was disabled), execute the command:

  # /sbin/lidsadm -S -- +LIDS_GLOBAL

To verify the signatures of the updated packages, execute the command:

  # rpm -Kv files

UPDATED PACKAGES

These updated packages are for EnGarde Secure Linux Community Edition.

Source Packages:

SRPMS/bind-chroot-8.2.6-1.0.29.src.rpm
MD5 Sum: 3c845d09bcbe9b07e5395d75a8686689

Binary Packages:

i386/bind-chroot-8.2.6-1.0.29.i386.rpm
MD5 Sum: 0c1daf47be94ae0fd5a29e4007bf68c2

i386/bind-chroot-utils-8.2.6-1.0.29.i386.rpm
MD5 Sum: 58e0e54d895b8dc3c6f6b5e9228912fb

i686/bind-chroot-8.2.6-1.0.29.i686.rpm
MD5 Sum: 84cb58f02d228859a2fbda3ed1b46dd5

i686/bind-chroot-utils-8.2.6-1.0.29.i686.rpm
MD5 Sum: 20fb3e4a34cecb431511308afe027941

REFERENCES

Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
BIND's Official Web Site: http://www.isc.org/products/BIND/
Security Contact: security@guardiandigital.com
EnGarde Advisories: http://www.engardelinux.org/advisories.html

$Id: ESA-20021114-029-bind-chroot,v 1.4 2002/11/14 10:02:51 rwm Exp $

Author: Ryan W. Maple
Copyright 2002, Guardian Digital, Inc.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F5 Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Finjan Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc

FreeRADIUS Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F-Secure Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Funk Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

GFI Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

GNU glibc Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Affected

Notified:  November 12, 2002 Updated: November 18, 2002

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the named and DNS resolver issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches will be available through an efix package by 11/22/2002 or before. The efix will be available at the following URL:

ftp://ftp.software.ibm.com/aix/efixes/security/bind_multiple_efix.tar.Z

In the interim, customers may want to implement the workarounds given in the Solutions section to limit their exposure.

The following APARs will be available in the near future:

AIX 4.3.3 APAR IY37088 (available approx 11/27/2002)
AIX 5.1.0 APAR IY37019 (available approx 12/18/2002)
AIX 5.2.0 APAR TBA (available approx TBA)

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

InfoBlox Not Affected

Notified:  November 12, 2002 Updated: October 18, 2004

Status

Not Affected

Vendor Statement

The Infoblox DNS One product is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Inner Cite Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intel Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Interlink Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Intersoft International Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IPlanet Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

ISC Affected

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Jkuo Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Juniper Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

KTH Kerberos Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lachman Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lotus Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Lucent Technologies Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Macromedia Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MandrakeSoft Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Affected

Vendor Statement

Mandrake Linux Security Update Advisory

Package name: bind
Advisory ID: MDKSA-2002:077
Date: November 14th, 2002
Affected versions: 7.2, Single Network Firewall 7.2

Problem Description:

Several vulnerabilities were discovered in the BIND8 DNS server by ISS (Internet Security Services), including a remotely exploitable buffer overflow.

The first vulnerability is how named handles SIG records; this buffer overflow can be exploited to obtain access to the victim host with the privilege of the user the named process is running as. By default, Mandrake Linux is configured to run the named process as the named user. To successfully exploit this vulnerability, the attacker must control an existing DNS domain and must be allowed to perform a recursive query.

A possible work-around is to restrict recursive requests, however MandrakeSoft encourages all users to upgrade to the provided BIND9 packages. You can also completely disable recursion by adding "recursion no;" to the options section of /etc/named.conf.

Several Denial of Service problems also exist in BIND8 that allow attackers to terminate the named process. At least one of these vulnerabilities seems to be exploitable even when the attacker is not permitted to perform recursive queries, so the work-around noted above is not effective against this DoS.

Both problems are not reported to affect BIND9. As Linux-Mandrake 7.2 and Single Network Firewall 7.2 are the only supported distributions to still ship BIND8, we have elected to upgrade to both a patched version of BIND8 and BIND9. The BIND8 packages contain the patch ISC made available late on the 13th, contrary to their original advisory which called for them to be made available next week. Despite this, however, MandrakeSoft encourages everyone who is able to upgrade to BIND9 rather than BIND8.

The MandrakeSoft security team wishes to apologize to MandrakeSoft customers for not being able to provide timely fixes for this problem, and regrets the inability of the ISC to work with the Internet community at large to provide adequate protection to users of BIND.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
http://www.kb.cert.org/vuls/id/852283
http://www.kb.cert.org/vuls/id/229595
http://www.isc.org/products/BIND/bind-security.html
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

Updated Packages:

Linux-Mandrake 7.2
Single Network Firewall 7.2

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig

All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Mei Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Men&Mice Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MetaSolv Software Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Microsoft Corporation Not Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Not Affected

Vendor Statement

Microsoft products do not use the program in question. Microsoft products are not affected by this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MIT Kerberos Development Team Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software Not Affected

Notified:  November 12, 2002 Updated: November 13, 2002

Status

Not Affected

Vendor Statement

MontaVista ships BIND 9, thus is not vulnerable to these advisories.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NCFTP Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NCSA Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetSNMP Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Appliance Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Network Associates Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NeXT Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nixu Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nokia Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nominum Not Affected

Notified:  November 12, 2002 Updated: November 13, 2002

Status

Not Affected

Vendor Statement

Nominum "Foundation" Authoritative Name Server (ANS) is not affected by this vulnerability. Also, Nominum "Foundation" Caching Name Server (CNS) is not affected by this vulnerability. Nominum's commercial DNS server products, which are part of Nominum "Foundation" IP Address Suite, are not based on BIND and do not contain any BIND code, and so are not affected by vulnerabilities discovered in any version of BIND.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Affected

Notified:  November 12, 2002 Updated: December 03, 2002

Status

Affected

Vendor Statement

"NetID version 4.3.1 and below is affected by the vulnerabilities identified in CERT/CC Advisory CA-2002-31. A bulletin and patched builds are available from the following Nortel Networks support contacts:

North America: 1-800-4NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009

Optivity NMS is not affected."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Open Group Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Affected

Notified:  November 12, 2002 Updated: December 03, 2002

Status

Affected

Vendor Statement

BIND 4.9.10-OW2 includes the patch provided by ISC and thus has the two vulnerabilities affecting BIND 4 fixed. Previous versions of BIND 4.9.x-OW patches, if used properly, significantly reduced the impact of the "named" vulnerability.

The patches are available at their usual location:

http://www.openwall.com/bind/

A patch against BIND 4.9.11 will appear as soon as this version is officially released, although it will likely be effectively the same as the currently available 4.9.10-OW2.

It hasn't been fully researched whether the resolver code in glibc, and in particular on Openwall GNU/*/Linux, shares any of the newly discovered BIND 4 resolver library vulnerabilities. Analysis is in progress.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Oracle Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Process Software Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

PSPL Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Putty Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RADIUS Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RADIUSClient Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. Affected

Notified:  November 12, 2002 Updated: November 13, 2002

Status

Affected

Vendor Statement

Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues; however, a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1, which is not vulnerable to these issues. All users who have BIND installed should ensure that they are running these updated versions of BIND.

http://rhn.redhat.com/errata/RHSA-2002-133.html Red Hat Linux
http://rhn.redhat.com/errata/RHSA-2002-119.html Advanced Server 2.1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Riverstone Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

RSA Security Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sendmail Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sequent Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

ShadowSupport Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sony Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sophos Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SSH Communications Security Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SuSE Inc. Affected

Notified:  November 12, 2002 Updated: November 14, 2002

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: bind8 Announcement-ID: SuSE-SA:2002:044 Date: Wed Nov 13 17:00:00 CET 2002 Affected products: (7.0), 7.1, 7.2, 7.3, 8.0, 8.1, SuSE Linux Database Server SuSE eMail Server III, 3.1 SuSE Firewall SuSE Linux Enterprise Server for S/390 SuSE Linux Connectivity Server SuSE Linux Enterprise Server 7 SuSE Linux Office Server Vulnerability Type: remote command execution Severity (1-10): 8 SuSE default package: yes Cross References: CVE CAN-2002-1219, CAN-2002-1220, CAN-2002-1221, http://www.isc.org/products/BIND/bind-security.html http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 Content of this advisory: 1) security vulnerability resolved: Remote command execution in bind8 name server. problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: BIND4, reports of trojanized tcpdump/libpcap 3) standard appendix (further information) 1) problem description, brief discussion, solution, upgrade information The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow. Circumstancial evidence suggests that the Internet Software Consortium (maintainer of BIND) has been made aware of these issues in mid-October. Distributors of Open Source operating systems, including SuSE, were notified of these vulnerabilities via CERT approximately 12 hours before the release of the advisories by ISS and ISC on Tue, Nov 12. This notification did not include any details that allowed us to identify the vulnerable code, much less prepare a fix. Mails to ISC went unanswered for 36 hours. The SuSE security team regrets that the Internet Software Consortium has withheld vital information from the Internet community for so long, putting the majority of BIND users at risk. 
We would like to express our concern that the approach chosen by ISC and ISS is likely to erode trust in the security community if it becomes a model for dealing with security issues. We apologize to SuSE customers for not being able to provide timely fixes for this problem. The advisories by ISS and ISC mention the following problems in detail: 1. There is a buffer overflow in the way named handles SIG records. This buffer overflow can be exploited to obtain access to the victim host under the account the named process is running with. In order to exploit this problem, the attacker must control an existing DNS domain, and must be allowed to perform a recursive query. The impact of this vulnerability is serious. In all SuSE products, named is configured to run as user "named" by default, so a potential attacker or virus/worm does not get immediate root access. However, this is merely an additional obstacle the attacker faces. It may be possible for the attacker to exploit other, unpatched local vulnerabilities such as the recently announced traceroute hole to obtain root privilege. It may also be possible for an attacker to obtain increased privilege by manipulating the DNS zones served by the victim BIND server. We recommend to upgrade to the provided packages. If this is not possible, we recommend to restrict recursive requests as a workaround. This can be done by adding a statement such as the following to /etc/named.conf: options { ... existing options ... # Restrict recursive queries to 192.168.1.*, # except 192.168.1.254. # Order does matter. allow-recursion { !192.168.1.254; 192.168.1/24; Alternatively, you can add "recursion no;" to the options section to turn off recursion completely. 2. There are several Denial Of Service problems in BIND8 that allow remote attackers to terminate the name server process. 
At least one of these vulnerabilities seems to be exploitable even when the attacker is not allowed to perform recursive queries, so that the workaround suggested above is not effective against this bug. Both vulnerabilities are addressed by this update, using patches originating from ISC. Due to the severity of this issue, we will provide update packages for SuSE Linux 7.0, even though support for this product has officially been discontinued. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the packages using the command "rpm -Fhv file.rpm" to apply the update. After updating, make sure to restart the name server process by issuing the following command as root: rcnamed restart Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Intel i386 Platform: SuSE-8.1: ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-260.i586.rpm e1c07d8c1dd74374cc37e7fa692c9de1 ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bindutil-8.2.4-260.i586.rpm b41734970bf88aa7b5d3debbf834b78d ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-devel-8.2.4-260.i586.rpm f7236e5e621725e100dbd204e2692a66 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/bind8-8.2.4-260.src.rpm 02154fbdc935a2900d70ce6a16e96543 SuSE-8.0: ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-260.i386.rpm 07bc10c5c348c560084edb3c289459c9 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/bindutil-8.2.4-260.i386.rpm 4db27e9ad4ae038d81422a0c5b9a34d0 ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/bind8-devel-8.2.4-260.i386.rpm a1b3958e0fbaed30ddecbf7753007dbf source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/bind8-8.2.4-260.src.rpm 0b66ae2b5c462f041625919fed7ab089 SuSE-7.3: ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-8.2.4-261.i386.rpm fe0654b3de751533874b08a860afea5e 
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/bindutil-8.2.4-261.i386.rpm 043a8c1c0bb2cc23308a614dc7bdc0fe ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-devel-8.2.4-261.i386.rpm 59aca78f5aacb3ff7ecbc252eb760956 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/bind8-8.2.4-261.src.rpm 355add6397435262c597ad662e3df119 SuSE-7.2: ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/bind8-8.2.3-200.i386.rpm 1072a9fe708150bc14c70a72ca42dfd3 ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/bindutil-8.2.3-200.i386.rpm 0713d9b200db862110493233bc1d8321 ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/bind8-devel-8.2.3-200.i386.rpm c681a91b38104cf47de4f4d454136a8a source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/bind8-8.2.3-200.src.rpm 8f51737bc0c84b7be08fe3bb1d4012b4 SuSE-7.1: ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/bind8-8.2.3-200.i386.rpm f2c14f81038d7ba952def27981b4599c ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/bindutil-8.2.3-200.i386.rpm 961a5403a41e8031c054a081ebf92ba5 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/bind8-8.2.3-200.src.rpm 7f3c9b95591fb22f00dc0b22cdd5fcf1 SuSE-7.0: ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/bind8-8.2.3-200.i386.rpm 0a6b9e23cefa5cd9f06660571ebf85ff ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/bindutil-8.2.3-200.i386.rpm 3a6e0e81c2d8b05ee01a2a0b9c26e9a4 source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/bind8-8.2.3-200.src.rpm 1c2cb2e531fe2834de84b22ad714de68 Sparc Platform: SuSE-7.3: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-8.2.4-128.sparc.rpm c08454b933ed2365d9d2ab1322803af6 ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/bindutil-8.2.4-128.sparc.rpm 47e063be85fadfa2e5d0fce1746a34b5 ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-devel-8.2.4-128.sparc.rpm 46a97b033cca0a01dcb39ef90275ce46 source rpm(s): ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/bind8-8.2.4-128.src.rpm 827a7f56273c7a25ac40ffba728e9150 AXP Alpha Platform: SuSE-7.1: 
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/bind8-8.2.3-139.alpha.rpm 77f39990fabacb545657236a60fecbe0 ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/bindutil-8.2.3-139.alpha.rpm 33bf9f28a7c9105c84216906694c7b7c source rpm(s): ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/bind8-8.2.3-139.src.rpm df347649fc98de695837a88452814ee6 SuSE-7.0: ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/bind8-8.2.3-139.alpha.rpm 23f307cda6a0eefb3d9f1a0439950bdd ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/bindutil-8.2.3-139.alpha.rpm 0789b49749d93ddd79192506cda00f7a source rpm(s): ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/bind8-8.2.3-139.src.rpm 356306a7f2c079e2726b3aa8da496e9b PPC Power PC Platform: SuSE-7.3: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-8.2.4-200.ppc.rpm 4cbeb4719625f8735ec03c27e1b27b85 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/bindutil-8.2.4-200.ppc.rpm 37fca302d72c819e713f8038d730a527 ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-devel-8.2.4-200.ppc.rpm f0f5cb7b808789606448a4d472c71400 source rpm(s): ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/bind8-8.2.4-200.src.rpm 5c810e6f144d0f2875bb06d2331f50d8 SuSE-7.1: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/bind8-8.2.3-121.ppc.rpm 47fcc451954f03a915b57b500bd56c57 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/bindutil-8.2.3-121.ppc.rpm 2c0de3b64d5c3d62cb840a534911ef31 source rpm(s): ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/bind8-8.2.3-121.src.rpm 235e142413ec35bcbdb86168b04b7a78 SuSE-7.0: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/bind8-8.2.3-121.ppc.rpm 44dc01f6b4fae1dfd87874db6d42e8d9 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/bindutil-8.2.3-121.ppc.rpm d46f45bef0f12c3c5b071443ac9e7f13 source rpm(s): ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/bind8-8.2.3-121.src.rpm 1bac32496ae66d4b0e35bc34d4e500ff 2) Pending vulnerabilities in SuSE Distributions and Workarounds: BIND4 In addition to the vulnerabilities in BIND8 discussed above, ISS report several vulnerabilities in BIND4. 
As stated previously, SuSE has discontinued support for BIND4 and recommends that users upgrade to BIND8 as soon as possible. Trojaned libpcap/tcpdump There have been reports that the source packages of tcpdump and libpcap available from several FTP servers have been modified to include a trojan. We have checked our source packages for this and found them to be clean. 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security@suse.de), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. 
Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key "build@suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SuSE runs two security mailing lists to which any interested party may subscribe: suse-security@suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to . suse-security-announce@suse.com - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. SuSE's security contact is or . The public key is listed below. The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. 
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Symantec Corporation Unknown

Notified:  November 12, 2002 Updated: April 01, 2003

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO Linux) Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO UnixWare) Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Threshold Networks Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trend Micro Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wind River Systems Inc. Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Wirex Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

WU-FTPD Development Group Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xerox Corporation Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xi Graphics Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

XTRADIUS Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

YARD RADIUS Unknown

Notified:  November 12, 2002 Updated: November 12, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.
