|Category:||Conectiva Local Security Checks|
|Title:||Conectiva Security Advisory CLA-2002:546|
|Summary:||Conectiva Security Advisory CLA-2002:546|
The remote host is missing updates announced in
bind is probably the most used DNS server on the internet.
ISS reported buffer overflow and denial of service vulnerabilities
in some versions of the BIND software. The most dangerous one, the
buffer overflow, could be used by remote attacker to execute
arbitrary code on the server with the privileges of the user running
the named process.
The vulnerabilities explained below affect BIND as shipped with
Conectiva Linux 6.0. Conectiva Linux 7.0 and 8 already ship BIND 9.x,
which is not vulnerable to the problems reported by ISS.
1) Buffer overflow (CVE-2002-1219) 
An attacker who can make a vulnerable BIND server make recursive
queries to a domain that he (the attacker) controls can exploit this
vulnerability and execute arbitrary code on the server with the same
privileges as the named process. The BIND packages in Conectiva
Linux run the named process with an unprivileged user, and not
root, which mitigates the impact of this vulnerability somewhat,
requiring that the attacker take further steps to obtain root access.
Additionally, there is the bind-chroot package which, if used, runs
the server in a chroot area under /var/named which imposes an
additional restriction on the actions a potential intruder can take.
2) Denial of service (CVE-2002-1221) 
The BIND server can be triggered into attempting a NULL pointer
dereference which will terminate the service. This can be caused by a
remote attacker who controls a DNS server authoritative for some
domain queried by the vulnerable BIND server.
The packages available through this advisory were built with patches
that were made publicly available by ISC less than 24 hours ago.
Conectiva Linux and the majority of other GNU/Linux distributions
were notified about this vulnerability (but with not enough details
to produce a patch) about 12 hours before ISS made it public. We
are worried about the way in which this whole incident has been
handled, specially when considering that DNS is part of the internet
infrastructure and thus a vital service.
We, and many vendors, do believe in what is commonly called
responsible full disclosure, where all details about a
vulnerability are made public after all vendors were notified in
advance and have had a reasonable amount of time to prepare and test
updated packages. We believe this to be the most secure and
responsible method for disclosing vulnerabilities.
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2002-1219|
ISS Security Advisory: 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Bugtraq: 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] (Google Search)
CERT/CC vulnerability note: VU#852283
FreeBSD Security Advisory: FreeBSD-SA-02:43
En Garde Linux Advisory: ESA-20021114-029
SuSE Security Announcement: SuSE-SA:2002:044 (Google Search)
Debian Security Information: DSA-196 (Google Search)
Conectiva Linux advisory: CLA-2002:546
Caldera Security Advisory: CSSA-2003-SCO.2
Computer Incident Advisory Center Bulletin: N-013
Bugtraq: 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) (Google Search)
COMPAQ Service Security Patch: SSRT2408
SGI Security Advisory: 20021201-01-P
Bugtraq: 20021118 TSLSA-2002-0076 - bind (Google Search)
BugTraq ID: 6160
XForce ISS Database: bind-sig-rr-bo(10304)
Common Vulnerability Exposure (CVE) ID: CVE-2002-1221
CERT/CC vulnerability note: VU#581682
BugTraq ID: 6159
XForce ISS Database: bind-null-dereference-dos(10333)
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 47234 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.