To: security-announceat_private bugtraqat_private announceat_private

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject:                OpenServer: BIND buffer overflows
Advisory number:        CSSA-2001-SCO.13
Issue date:             2001 August 20
Cross reference:
___________________________________________________________________________


1. Problem Description

   The BIND subsystem contains several buffer overflows, detailed in
   CERT advisory CA-2001-02.

   This advisory announces the availability of a preliminary version
   of BIND 8.2.5. Since there is no packaged installation of this
   preliminary offering, it should only be installed by experienced
   system administrators. A formal installable fix containing this
   version of BIND is forthcoming.


2. Vulnerable Versions

   Operating System        Version         Affected Files
   ------------------------------------------------------------------
   OpenServer              <= 5.0.6a       ./etc/addr
                                           ./etc/nsupdate
                                           ./etc/dig
                                           ./etc/dnsquery
                                           ./etc/host
                                           ./etc/named
                                           ./etc/named-xfer
                                           ./etc/ndc
                                           ./usr/lib/libresolv.so.1
                                           ./usr/lib/libsocket.so.2
                                           ./usr/lib/libresolv.a
                                           ./usr/lib/libsocket.a
                                           ./usr/lib/libp/libresolv.so.1
                                           ./usr/lib/libp/libsocket.a
                                           ./usr/lib/libp/libsocket.so.2
                                           ./usr/lib/libp/libresolv.a
                                           ./usr/bin/nslookup
                                           ./usr/include/resolv.h


3. Workaround

   None.


4. OpenServer

  4.1 Location of Fixed Binaries

      ftp://ftp.sco.com/pub/security/openserver/sr379322/

  4.2 Verification

      md5 checksums:

      84e3a058fb2af36235e99831fb44d200        newbind.tar.Z

      md5 is available for download from

      ftp://ftp.sco.com/pub/security/tools/

  4.3 Installing Fixed Binaries

      Upgrade the affected binaries with the following commands:

      # uncompress /tmp/newbind.tar.Z
      # mkdir /tmp/newbind
      # cd /tmp/newbind
      # tar xvf /tmp/newbind.tar

      Replace each of the associated binaries with the one from this
      directory (after saving them somewhere else).


5. References

   http://www.cert.org/advisories/CA-2001-02.html


6. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on our website and/or through
   our security advisories. Our advisories are a service to our
   customers intended to promote secure installation and use of
   Caldera International products.

___________________________________________________________________________
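
The verification and installation steps of sections 4.2 and 4.3 as one script, added here as an example and not part of Caldera's advisory. It assumes a POSIX shell with `md5sum` and that the archive unpacks to the relative paths listed in section 2; the function names and the ROOT and BACKUP parameters are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): checksum gate, backup, then replace.
# Assumes a POSIX shell with md5sum; on OpenServer use the md5 tool from 4.2.

EXPECTED_MD5=84e3a058fb2af36235e99831fb44d200   # section 4.2, newbind.tar.Z

# Affected files from section 2, relative to the filesystem root.
AFFECTED="etc/addr etc/nsupdate etc/dig etc/dnsquery etc/host etc/named
etc/named-xfer etc/ndc usr/lib/libresolv.so.1 usr/lib/libsocket.so.2
usr/lib/libresolv.a usr/lib/libsocket.a usr/lib/libp/libresolv.so.1
usr/lib/libp/libsocket.a usr/lib/libp/libsocket.so.2 usr/lib/libp/libresolv.a
usr/bin/nslookup usr/include/resolv.h"

# verify_md5 FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
verify_md5() {
    actual=$(md5sum < "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# install_fixed NEWDIR ROOT BACKUP: save each current file under BACKUP,
# then copy the fixed one from NEWDIR into ROOT (assumption: the tar
# mirrors the section 2 layout).
install_fixed() {
    for f in $AFFECTED; do
        [ -f "$1/$f" ] || { echo "not in archive, skipped: $f" >&2; continue; }
        if [ -f "$2/$f" ]; then
            mkdir -p "$3/$(dirname "$f")" && cp -p "$2/$f" "$3/$f" || return 1
        fi
        cp -p "$1/$f" "$2/$f" || return 1
    done
}

# apply_fix ARCHIVE ROOT BACKUP: the section 4.3 steps, refused unless the
# checksum matches. ARCHIVE must be an absolute path such as /tmp/newbind.tar.Z.
apply_fix() {
    verify_md5 "$1" "$EXPECTED_MD5" || { echo "MD5 mismatch: $1" >&2; return 1; }
    work=${1%.tar.Z}
    uncompress "$1" && mkdir -p "$work" || return 1
    (cd "$work" && tar xf "${1%.Z}") || return 1
    install_fixed "$work" "$2" "$3"
}
```

Running `install_fixed` against a scratch ROOT first shows which files the archive actually carries; the BACKUP tree is the rollback copy the advisory asks for.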