Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2002:044 (bind8)
Summary: SuSE Security Advisory SUSE-SA:2002:044 (bind8)
The remote host is missing updates announced in
The security research company ISS (Internet Security Services)
has discovered several vulnerabilities in the BIND8 name server,
including a remotely exploitable buffer overflow.
The advisories by ISS and ISC mention the following problems:

1. There is a buffer overflow in the way named handles
   SIG records. This buffer overflow can be exploited to
   obtain access to the victim host under the account
   the named process is running with.
   In order to exploit this problem, the attacker must
   control an existing DNS domain, and must be allowed
   to perform a recursive query.
   The impact of this vulnerability is serious.
2. There are several Denial Of Service problems in BIND8
   that allow remote attackers to terminate the name server.
   At least one of these vulnerabilities seems to be exploitable.

Update your system with the packages as indicated in
the referenced security advisory.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2002-1219
ISS Security Advisory: 20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Bugtraq: 20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
CERT/CC vulnerability note: VU#852283
FreeBSD Security Advisory: FreeBSD-SA-02:43
En Garde Linux Advisory: ESA-20021114-029
SuSE Security Announcement: SuSE-SA:2002:044
Debian Security Information: DSA-196
Conectiva Linux advisory: CLA-2002:546
Caldera Security Advisory: CSSA-2003-SCO.2
Computer Incident Advisory Center Bulletin: N-013
Bugtraq: 20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
COMPAQ Service Security Patch: SSRT2408
SGI Security Advisory: 20021201-01-P
Bugtraq: 20021118 TSLSA-2002-0076 - bind
BugTraq ID: 6160
XForce ISS Database: bind-sig-rr-bo(10304)
Common Vulnerability Exposure (CVE) ID: CVE-2002-1220
CERT/CC vulnerability note: VU#229595
BugTraq ID: 6161
XForce ISS Database: bind-opt-rr-dos(10332)
Common Vulnerability Exposure (CVE) ID: CVE-2002-1221
CERT/CC vulnerability note: VU#581682
BugTraq ID: 6159
XForce ISS Database: bind-null-dereference-dos(10333)
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com