 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50849 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandrake Security Advisory MDKSA-2002:077 (bind) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to bind announced via advisory MDKSA-2002:077. Several vulnerabilities were discovered in the BIND8 DNS server by ISS (Internet Security Services), including a remotely exploitable buffer overflow. The first vulnerability is how named handles SIG records this buffer overflow can be exploited to obtain access to the victim host with the privilege of the user the named process is running as. By default, Mandrake Linux is configured to run the named process as the named user. To successfully exploit this vulnerability, the attacker must control an existing DNS domain and must be allowed to perform a recursive query. A possible work-around is to restrict recursive requests, however MandrakeSoft encourages all users to upgrade to the provided BIND9 packages. You can also completely disable recursion by adding recursion no to the options section of /etc/named.conf. Several Denial of Service problems also exist in BIND8 that allow attackers to terminate the named process. At least one of these vulnerabilities seems to be exploitable even when the attacker is not permitted to perform recursive queries, so the work-around noted above is not effective against this DoS. Both problems are not reported to effect BIND9. As Linux-Mandrake 7.2 and Single Network Firewall 7.2 are the only supported distributions to still ship BIND8, we have elected to upgrade to both a patched version of BIND8 and BIND9. The BIND8 packages contain the patch ISC made available late on the 13th, contrary to their original advisory which called for them to be made available next week. Despite this, however, MandrakeSoft encourages everyone who is able to upgrade to BIND9 rather than BIND8. The MandrakeSoft security team wishes to apologize to MandrakeSoft customers for not being able to provide timely fixes for this problem, and regrets the inability of the ISC to work with the Internet community at large to provide adequate protection to users of BIND. Affected versions: 7.2, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1219 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1220 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1221 http://www.kb.cert.org/vuls/id/852283 http://www.kb.cert.org/vuls/id/229595 http://www.isc.org/products/BIND/bind-security.html http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-1219 http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html BugTraq ID: 6160 http://www.securityfocus.com/bid/6160 Bugtraq: 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] (Google Search) http://marc.info/?l=bugtraq&m=103713117612842&w=2 Bugtraq: 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) (Google Search) http://online.securityfocus.com/archive/1/300019 Bugtraq: 20021118 TSLSA-2002-0076 - bind (Google Search) http://marc.info/?l=bugtraq&m=103763574715133&w=2 Caldera Security Advisory: CSSA-2003-SCO.2 http://www.cert.org/advisories/CA-2002-31.html CERT/CC vulnerability note: VU#852283 http://www.kb.cert.org/vuls/id/852283 Computer Incident Advisory Center Bulletin: N-013 http://www.ciac.org/ciac/bulletins/n-013.shtml COMPAQ Service Security Patch: SSRT2408 http://online.securityfocus.com/advisories/4999 Conectiva Linux advisory: CLA-2002:546 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546 Debian Security Information: DSA-196 (Google Search) http://www.debian.org/security/2002/dsa-196 En Garde Linux Advisory: ESA-20021114-029 FreeBSD Security Advisory: FreeBSD-SA-02:43 ISS Security Advisory: 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8 http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539 SGI Security Advisory: 20021201-01-P ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P SuSE Security Announcement: SuSE-SA:2002:044 (Google Search) XForce ISS Database: bind-sig-rr-bo(10304) https://exchange.xforce.ibmcloud.com/vulnerabilities/10304 Common Vulnerability Exposure (CVE) ID: CVE-2002-1220 BugTraq ID: 6161 http://www.securityfocus.com/bid/6161 CERT/CC vulnerability note: VU#229595 http://www.kb.cert.org/vuls/id/229595 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449 XForce ISS Database: bind-opt-rr-dos(10332) https://exchange.xforce.ibmcloud.com/vulnerabilities/10332 Common Vulnerability Exposure (CVE) ID: CVE-2002-1221 BugTraq ID: 6159 http://www.securityfocus.com/bid/6159 CERT/CC vulnerability note: VU#581682 http://www.kb.cert.org/vuls/id/581682 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2094 XForce ISS Database: bind-null-dereference-dos(10333) https://exchange.xforce.ibmcloud.com/vulnerabilities/10333 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |