[Full-Disclosure] [ESA-20021114-029] BIND buffer overflow, DoS attacks.

From: EnGarde Secure Linux (securityat_private)
Date: Thu Nov 14 2002 - 02:18:06 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    
    +------------------------------------------------------------------------+
    | EnGarde Secure Linux Security Advisory               November 14, 2002 |
    | http://www.engardelinux.org/                          ESA-20021114-029 |
    |                                                                        |
    | Packages: bind-chroot, bind-chroot-utils                               |
    | Summary:  buffer overflow, DoS attacks.                                |
    +------------------------------------------------------------------------+
    
      EnGarde Secure Linux is a secure distribution of Linux that features
      improved access control, host and network intrusion detection, Web
      based secure remote management, e-commerce, and integrated open source
      security tools.
    
    OVERVIEW
    - --------
      Several vulnerabilities were found in the BIND nameserver.  The
      vulnerabilities, discovered by Internet Security Systems (ISS), range
      from a remotely exploitable buffer overflow to denial of service (DoS)
      attacks.
    
      The summaries below are from the ISS advisory which may be found at:
    
        http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
    
      * CAN-2002-1219 -- BIND SIG Cached RR Overflow Vulnerability
    
        "A buffer overflow exists in BIND 4 and 8 that may lead to remote
         compromise of vulnerable DNS servers. An attacker who controls any
         authoritative DNS server may cause BIND to cache DNS information
         within its internal database, if recursion is enabled. Recursion is
         enabled by default unless explicitly disabled via command line
         options or in the BIND configuration file. Attackers must either
         create their own name server that is authoritative for any domain,
         or compromise any other authoritative server with the same criteria.
         Cached information is retrieved when requested by a DNS client. There
         is a flaw in the formation of DNS responses containing SIG resource
         records (RR) that can lead to buffer overflow and execution of
         arbitrary code."
    
      * CAN-2002-1220 -- BIND OPT DoS
    
        "Recursive BIND 8 servers can be caused to abruptly terminate due to
         an assertion failure. A client requesting a DNS lookup on a
         nonexistent sub-domain of a valid domain name may cause BIND 8 to
         terminate by attaching an OPT resource record with a large UDP
         payload size. This DoS may also be triggered for queries on domains
         whose authoritative DNS servers are unreachable."
    
      * CAN-2002-1221 -- BIND SIG Expiry Time DoS
    
        "Recursive BIND 8 servers can be caused to abruptly terminate due to a
         null pointer dereference. An attacker who controls any authoritative
         name server may cause vulnerable BIND 8 servers to attempt to cache
         SIG RR elements with invalid expiry times. These are removed from the
         BIND internal database, but later improperly referenced, leading to a
         DoS condition."
    
      All users should upgrade as soon as possible.
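      All three issues above are described against a recursive server:
      CAN-2002-1219 applies "if recursion is enabled", and CAN-2002-1220 and
      CAN-2002-1221 are stated for "Recursive BIND 8 servers".  The following
      BIND 8 named.conf fragment is an added example, not part of this
      advisory or of the EnGarde packages; the ACL name and the 192.0.2.0/24
      network are placeholders.  It limits who can make the server recurse,
      which narrows the set of clients able to trigger these bugs, but it is
      not a substitute for the upgrade.

```conf
// Added example (not from ESA-20021114-029): limit recursion in BIND 8.
// "trusted" and 192.0.2.0/24 are illustrative placeholders.
acl "trusted" { 127.0.0.1; 192.0.2.0/24; };

options {
    // An authoritative-only server does not need recursion at all:
    // recursion no;

    // A resolver should only recurse for its own clients, not for the
    // whole Internet.  Without this, recursion is on by default.
    allow-recursion { "trusted"; };
};
```

      Check the running configuration with the same eye: the chroot package
      keeps named.conf inside the chroot, so edit the copy named actually
      reads, and reload named afterwards.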
    
    SOLUTION
    - --------
      Users of the EnGarde Professional edition can use the Guardian Digital
      Secure Network to update their systems automatically.
    
      EnGarde Community users should upgrade to the most recent version
      as outlined in this advisory.  Updates may be obtained from:
    
        ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
        http://ftp.engardelinux.org/pub/engarde/stable/updates/
    
      Before upgrading the package, the machine must either:
    
        a) be booted into a "standard" kernel; or
        b) have LIDS disabled.
    
      To disable LIDS, execute the command:
    
        # /sbin/lidsadm -S -- -LIDS_GLOBAL
    
      To install the updated package, execute the command:
    
        # rpm -Uvh files
    
      You must now update the LIDS configuration by executing the command:
    
        # /usr/sbin/config_lids.pl
    
      To re-enable LIDS (if it was disabled), execute the command:
    
        # /sbin/lidsadm -S -- +LIDS_GLOBAL
    
      To verify the signatures of the updated packages (best done before
      installing them), execute the command:
    
        # rpm -Kv files
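      The steps above, collected into one script, as an added example that is
      not part of the advisory or of the EnGarde tools.  It moves both
      integrity checks (the MD5 sums listed under UPDATED PACKAGES and
      rpm -Kv) in front of the install and refuses to proceed if either
      fails.  The package names and MD5 sums are copied from this advisory;
      the download directory layout, the architecture argument and the
      helper names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the EnGarde advisory: verify the ESA-20021114-029
# packages before installing them.  Package names and MD5 sums are copied from
# the advisory; the directory layout and the helper names are assumptions.
set -u

# Manifest from the advisory's UPDATED PACKAGES section, one "<path> <md5>" per line.
MANIFEST='SRPMS/bind-chroot-8.2.6-1.0.29.src.rpm 3c845d09bcbe9b07e5395d75a8686689
i386/bind-chroot-8.2.6-1.0.29.i386.rpm 0c1daf47be94ae0fd5a29e4007bf68c2
i386/bind-chroot-utils-8.2.6-1.0.29.i386.rpm 58e0e54d895b8dc3c6f6b5e9228912fb
i686/bind-chroot-8.2.6-1.0.29.i686.rpm 84cb58f02d228859a2fbda3ed1b46dd5
i686/bind-chroot-utils-8.2.6-1.0.29.i686.rpm 20fb3e4a34cecb431511308afe027941'

# md5_of FILE: print the hex MD5 of FILE (md5sum, falling back to openssl).
md5_of() {
  if command -v md5sum >/dev/null 2>&1; then
    md5sum "$1" | awk '{print $1}'
  else
    openssl dgst -md5 "$1" | awk '{print $NF}'
  fi
}

# check_md5 FILE EXPECTED: succeed only if FILE exists and its MD5 equals EXPECTED.
check_md5() {
  [ -f "$1" ] || return 1
  actual=$(md5_of "$1" | tr 'A-Z' 'a-z')
  expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ "$actual" = "$expected" ]
}

# verify_manifest DIR: check every manifest entry found under DIR.  Succeeds only
# if at least one package was found and none mismatched; entries that are not
# present are skipped, since a host only downloads its own architecture.
verify_manifest() {
  dir=$1; found=0; bad=0
  while read -r path sum; do
    [ -n "$path" ] || continue
    if [ ! -f "$dir/$path" ]; then
      echo "not present, skipped: $path"
      continue
    fi
    found=$((found + 1))
    if check_md5 "$dir/$path" "$sum"; then
      echo "md5 ok:       $path"
    else
      echo "MD5 MISMATCH: $path"
      bad=$((bad + 1))
    fi
  done <<EOF
$MANIFEST
EOF
  [ "$found" -gt 0 ] && [ "$bad" -eq 0 ]
}

# upgrade_bind DIR [ARCH]: the advisory's procedure with both integrity checks
# moved in front of the install.  Needs root on an EnGarde host running the
# LIDS kernel; rpm -Kv also needs the Guardian Digital GPG key (see REFERENCES)
# available to rpm's signature check (how it is imported depends on the rpm
# version, so that step is left to the operator).
upgrade_bind() {
  dir=$1; arch=${2:-i386}
  verify_manifest "$dir" || { echo "refusing to install: MD5 check failed" >&2; return 1; }
  rpm -Kv "$dir/$arch"/bind-chroot-*.rpm || { echo "refusing to install: rpm -Kv failed" >&2; return 1; }
  /sbin/lidsadm -S -- -LIDS_GLOBAL || return 1   # b) disable LIDS for the upgrade
  rpm -Uvh "$dir/$arch"/bind-chroot-*.rpm
  rc=$?
  /usr/sbin/config_lids.pl                       # refresh the LIDS configuration
  /sbin/lidsadm -S -- +LIDS_GLOBAL               # re-enable LIDS even if rpm failed
  return $rc
}

# Usage: sh upgrade-bind.sh /path/to/downloaded/updates [i386|i686]
if [ "$#" -gt 0 ]; then
  upgrade_bind "$@"
fi
```

      The MD5 sums only catch a corrupted or swapped download; anyone who can
      tamper with a mirror can also publish matching sums, so the GPG
      signature check (rpm -Kv against Guardian Digital's key) is the check
      that actually binds the packages to the vendor.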
    
    UPDATED PACKAGES
    - ----------------
      These updated packages are for EnGarde Secure Linux Community
      Edition.
    
      Source Packages:
    
        SRPMS/bind-chroot-8.2.6-1.0.29.src.rpm
          MD5 Sum: 3c845d09bcbe9b07e5395d75a8686689
    
      Binary Packages:
    
        i386/bind-chroot-8.2.6-1.0.29.i386.rpm
          MD5 Sum: 0c1daf47be94ae0fd5a29e4007bf68c2
    
        i386/bind-chroot-utils-8.2.6-1.0.29.i386.rpm
          MD5 Sum: 58e0e54d895b8dc3c6f6b5e9228912fb
    
        i686/bind-chroot-8.2.6-1.0.29.i686.rpm
          MD5 Sum: 84cb58f02d228859a2fbda3ed1b46dd5
    
        i686/bind-chroot-utils-8.2.6-1.0.29.i686.rpm
          MD5 Sum: 20fb3e4a34cecb431511308afe027941
    
    REFERENCES
    - ----------
      Guardian Digital's public key:
        http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
    
      BIND's Official Web Site:
        http://www.isc.org/products/BIND/
    
      Security Contact:   securityat_private
      EnGarde Advisories: http://www.engardelinux.org/advisories.html
    
    - --------------------------------------------------------------------------
    $Id: ESA-20021114-029-bind-chroot,v 1.4 2002/11/14 10:02:51 rwm Exp $
    - --------------------------------------------------------------------------
    Author: Ryan W. Maple <ryanat_private>
    Copyright 2002, Guardian Digital, Inc.
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE903h0HD5cqd57fu0RAgQ2AJ4h+6JBMcFRlC3vKwfRi7dnMRE69ACbBQoO
    jReNCYKqxnuwuvOLsRqhznY=
    =9v8+
    -----END PGP SIGNATURE-----
    
    ------------------------------------------------------------------------
         To unsubscribe email engarde-security-requestat_private
             with "unsubscribe" in the subject of the message.
    
    Copyright(c) 2002 Guardian Digital, Inc.                EnGardeLinux.org
    ------------------------------------------------------------------------
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    


