Test ID:	1.3.6.1.4.1.25623.1.0.51554
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2002:546
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2002:546. bind is probably the most used DNS server on the internet. ISS reported[7] buffer overflow and denial of service vulnerabilities in some versions of the BIND software. The most dangerous one, the buffer overflow, could be used by remote attacker to execute arbitrary code on the server with the privileges of the user running the named process. The vulnerabilities explained below affect BIND as shipped with Conectiva Linux 6.0. Conectiva Linux 7.0 and 8 already ship BIND 9.x, which is not vulnerable to the problems reported by ISS. 1) Buffer overflow (CVE-2002-1219) [5] An attacker who can make a vulnerable BIND server make recursive queries to a domain that he (the attacker) controls can exploit this vulnerability and execute arbitrary code on the server with the same privileges as the named process. The BIND packages in Conectiva Linux run the named process with an unprivileged user, and not root, which mitigates the impact of this vulnerability somewhat, requiring that the attacker take further steps to obtain root access. Additionally, there is the bind-chroot package which, if used, runs the server in a chroot area under /var/named which imposes an additional restriction on the actions a potential intruder can take. 2) Denial of service (CVE-2002-1221) [6] The BIND server can be triggered into attempting a NULL pointer dereference which will terminate the service. This can be caused by a remote attacker who controls a DNS server authoritative for some domain queried by the vulnerable BIND server. The packages available through this advisory were built with patches that were made publicly available[3] by ISC less than 24 hours ago. Conectiva Linux and the majority of other GNU/Linux distributions were notified about this vulnerability (but with not enough details to produce a patch) about 12 hours before ISS made it public[7]. We are worried about the way in which this whole incident has been handled, specially when considering that DNS is part of the internet infrastructure and thus a vital service. We, and many vendors, do believe in what is commonly called responsible full disclosure[8], where all details about a vulnerability are made public after all vendors were notified in advance and have had a reasonable amount of time to prepare and test updated packages. We believe this to be the most secure and responsible method for disclosing vulnerabilities. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.isc.org/ http://www.cert.org/advisories/CA-2002-31.html http://www.isc.org/products/BIND/patches/bind826.diff http://www.isc.org/products/BIND/bind-security.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1219 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1221 http://distro.conectiva.com.br/seguranca/problemas/?idioma=en http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:546 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-1219 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html BugTraq ID: 6160 http://www.securityfocus.com/bid/6160 Bugtraq: 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] (Google Search) http://marc.info/?l=bugtraq&m=103713117612842&w=2 Bugtraq: 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) (Google Search) http://online.securityfocus.com/archive/1/300019 Bugtraq: 20021118 TSLSA-2002-0076 - bind (Google Search) http://marc.info/?l=bugtraq&m=103763574715133&w=2 Caldera Security Advisory: CSSA-2003-SCO.2 http://www.cert.org/advisories/CA-2002-31.html CERT/CC vulnerability note: VU#852283 http://www.kb.cert.org/vuls/id/852283 Computer Incident Advisory Center Bulletin: N-013 http://www.ciac.org/ciac/bulletins/n-013.shtml COMPAQ Service Security Patch: SSRT2408 http://online.securityfocus.com/advisories/4999 Conectiva Linux advisory: CLA-2002:546 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 Debian Security Information: DSA-196 (Google Search) http://www.debian.org/security/2002/dsa-196 En Garde Linux Advisory: ESA-20021114-029 FreeBSD Security Advisory: FreeBSD-SA-02:43 ISS Security Advisory: 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8 http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539 SGI Security Advisory: 20021201-01-P ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P SuSE Security Announcement: SuSE-SA:2002:044 (Google Search) XForce ISS Database: bind-sig-rr-bo(10304) https://exchange.xforce.ibmcloud.com/vulnerabilities/10304 Common Vulnerability Exposure (CVE) ID: CVE-2002-1221 BugTraq ID: 6159 http://www.securityfocus.com/bid/6159 CERT/CC vulnerability note: VU#581682 http://www.kb.cert.org/vuls/id/581682 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2094 XForce ISS Database: bind-null-dereference-dos(10333) https://exchange.xforce.ibmcloud.com/vulnerabilities/10333
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.