MDKSA-2001:017
- Package name: bind
- Date: 2001-01-29
- Advisory ID: MDKSA-2001:017
- Affected versions: CS1.0 i586, 6.1 i586, 6.0 i586, 7.0 i586, 7.1 i586, 7.2 i586
Problem description
Four problems exist in all versions of ISC BIND 4.9.x prior to 4.9.8 and 8.2.x prior to 8.2.3 (9.x is not affected).

Version 8.2.x contains a buffer overflow in the transaction signature (TSIG) handling code that an attacker can exploit to gain unauthorized privileged access to the system, allowing execution of arbitrary code. BIND 4 contains a buffer overflow in the nslookupComplain() function, as well as an input validation error in the same function. These two flaws in BIND 4 can result in a Denial of Service or the execution of arbitrary code if successfully exploited. Finally, both BIND 4 and BIND 8 suffer from an information leak in the query processing code that allows a remote attacker to access the program stack, possibly exposing program and/or environment variables. This flaw is triggered by sending a specially formatted query to vulnerable BIND servers.

Linux-Mandrake ships with ISC BIND 8 and is therefore vulnerable to the first and final vulnerabilities mentioned above. The impact of the first vulnerability is limited: because the named server runs as the user and group named, not as root, any access gained by exploiting it is restricted. It is highly recommended that all Linux-Mandrake users upgrade BIND immediately to the latest 8.2.3 version, which fixes these vulnerabilities.
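As an added example (not part of the original advisory), the affected ranges stated above can be turned into a triage check for version strings reported by hosts or package inventories. The function names and result labels are assumptions of this example, and branches the advisory does not mention are reported as not covered rather than guessed at.

```python
import re

# Ranges and issue names come from the advisory text; the labels are this example's own.
FIXED = {4: (4, 9, 8), 8: (8, 2, 3)}  # first fixed release on each affected branch
ISSUES = {
    4: ["nslookupComplain() buffer overflow",
        "nslookupComplain() input validation error",
        "query-processing information leak"],
    8: ["TSIG buffer overflow",
        "query-processing information leak"],
}

def parse_version(text):
    """Extract (major, minor, patch) from strings like '8.2.2-P5' or an RPM file name."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no BIND version found in {text!r}")
    # A missing patch component ('8.2') is treated as patch level 0.
    return tuple(int(g or 0) for g in m.groups())

def triage(text):
    """Classify a reported BIND version against the advisory's affected ranges."""
    ver = parse_version(text)
    major, minor = ver[0], ver[1]
    if major == 9:
        return ("not affected", [])
    fixed = FIXED.get(major)
    # The advisory only addresses the 4.9.x and 8.2.x branches.
    if fixed is None or (major, minor) != fixed[:2]:
        return ("not covered by this advisory", [])
    if ver < fixed:
        return ("vulnerable", list(ISSUES[major]))
    return ("fixed", [])

if __name__ == "__main__":
    # Constructed sample inventory; the last entry is a package name from this advisory.
    for reported in ["8.2.2-P5", "4.9.7", "9.1.0", "8.1.2",
                     "bind-8.2.3-1.2mdk.i586.rpm"]:
        status, issues = triage(reported)
        print(f"{reported:30} {status:30} {'; '.join(issues)}")
```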
Updated packages
CS1.0 i586
- 5ab9bf322cecb913c6649540d5819e3d 1.0.1/RPMS/bind-8.2.3-1.2mdk.i586.rpm
- eac8d15ebdfaeb5add97c8a9e0058fa7 1.0.1/RPMS/bind-devel-8.2.3-1.2mdk.i586.rpm
- df714be43fe1f122dcff839c85d00719 1.0.1/RPMS/bind-utils-8.2.3-1.2mdk.i586.rpm
- 066b6ff50f9ba62d76ecbc198d70b9dd 1.0.1/SRPMS/bind-8.2.3-1.2mdk.src.rpm

6.1 i586
- dc329783fa290dac8cd5a738df8a82d8 6.1/RPMS/bind-8.2.3-1.2mdk.i586.rpm
- ad9b06a8481ccde39ef1eb7c597d043e 6.1/RPMS/bind-devel-8.2.3-1.2mdk.i586.rpm
- 3df3e8047e198aa0be440308ba74adb6 6.1/RPMS/bind-utils-8.2.3-1.2mdk.i586.rpm
- 066b6ff50f9ba62d76ecbc198d70b9dd 6.1/SRPMS/bind-8.2.3-1.2mdk.src.rpm

6.0 i586
- b21032656e21606c2163fa92e708b9d1 6.0/RPMS/bind-8.2.3-1.3mdk.i586.rpm
- d685e01c45302c7bfad0da9635590f37 6.0/RPMS/bind-devel-8.2.3-1.3mdk.i586.rpm
- 5da61ce349d02aa15ac94190934e7b7b 6.0/RPMS/bind-utils-8.2.3-1.3mdk.i586.rpm
- b1e26aa2666c5a35cff0496a863748b4 6.0/SRPMS/bind-8.2.3-1.3mdk.src.rpm

7.0 i586
- 6d1b647fe11e466a4ee3ef75424da068 7.0/RPMS/bind-8.2.3-1.2mdk.i586.rpm
- 45d5e366eaf3b2c1cf7c9820e681de1d 7.0/RPMS/bind-devel-8.2.3-1.2mdk.i586.rpm
- b3cc1eed184505ec95e34a9fd78e65e3 7.0/RPMS/bind-utils-8.2.3-1.2mdk.i586.rpm
- 066b6ff50f9ba62d76ecbc198d70b9dd 7.0/SRPMS/bind-8.2.3-1.2mdk.src.rpm

7.1 i586
- 5ab9bf322cecb913c6649540d5819e3d 7.1/RPMS/bind-8.2.3-1.2mdk.i586.rpm
- eac8d15ebdfaeb5add97c8a9e0058fa7 7.1/RPMS/bind-devel-8.2.3-1.2mdk.i586.rpm
- df714be43fe1f122dcff839c85d00719 7.1/RPMS/bind-utils-8.2.3-1.2mdk.i586.rpm
- 066b6ff50f9ba62d76ecbc198d70b9dd 7.1/SRPMS/bind-8.2.3-1.2mdk.src.rpm

7.2 i586
- d4b18a2076c22cfc0df869195cc814bf 7.2/RPMS/bind-8.2.3-1.1mdk.i586.rpm
- dcf1a804d54a64f7129e4b06addf8cae 7.2/RPMS/bind-devel-8.2.3-1.1mdk.i586.rpm
- e8e3d17f7eff95611128ffaa9c43c65d 7.2/RPMS/bind-utils-8.2.3-1.1mdk.i586.rpm
- d0b55e4166fc6470dad18aa91c1143c5 7.2/SRPMS/bind-8.2.3-1.1mdk.src.rpm
