| VID |
19009 |
| Severity |
40 |
| Port |
53 |
| Protocol |
TCP,UDP |
| Class |
DNS |
| Detailed Description |
The remote named daemon reports a version that is associated with buffer overflow vulnerabilities in multiple implementations of the DNS resolver library. The Domain Name System (DNS) resolver libraries in BSD (libc), GNU/Linux (glibc), the Internet Software Consortium's (ISC) BIND (libbind), and Sun Solaris (libresolv) contain buffer overflows in their handling of DNS responses. Operating systems and applications that use a vulnerable resolver library may be affected. A remote attacker who is able to send malicious DNS responses to a vulnerable resolver can potentially exploit these vulnerabilities to execute arbitrary code or cause a denial of service on the affected system.
* Note: This check item relies solely on the version string reported by the remote named daemon to assess this vulnerability, so it may be a false positive (for example, a vendor-patched build that still reports the original version). It also says nothing about the resolver library in the system libc, which this check does not examine.
* References: http://online.securityfocus.com/bid/5100
* Platforms Affected: Applications using vulnerable implementations of the Domain Name System (DNS) resolver libraries, which include, but are not limited to:
  - Internet Software Consortium (ISC) Berkeley Internet Name Domain (BIND) DNS resolver library (libbind)
  - Berkeley Software Distribution (BSD) DNS resolver library (libc)
  - GNU DNS resolver library (glibc)
  - Sun Solaris DNS resolver library (libresolv)
  ISC BIND releases:
  - All versions of BIND 4 from 4.8 prior to BIND 4.9.9
  - All versions of BIND 8 prior to BIND 8.2.6
  - All versions of BIND 8.3.x prior to BIND 8.3.3
  - BIND 9.2.0 and BIND 9.2.1 (BIND 9.0.x and BIND 9.1.x are not affected)
  Operating systems and distributions:
  - Caldera UnixWare 7.1.1
  - Conectiva Linux 6.0, 7.0, 8.0
  - FreeBSD 4.6-RELEASE and earlier
  - Mandrake Linux 7.1, 7.2; Mandrake Linux Corporate Server 1.0.1; Mandrake Single Network Firewall 7.2
  - NetBSD 1.4.x, 1.5, 1.5.1, 1.5.2, 1.6 beta; NetBSD-current prior to 20020626
  - OpenBSD 2.9, 3.0, 3.1
  - OpenPKG 1.0
  - Red Hat Linux 6.2, 7.0, 7.1, 7.2, 7.3
  - Solaris 2.5.1, 2.6, 7, 8, 9
  - SuSE Linux 7.0 through 7.3, 8.0; SuSE Linux Database Server (any version); SuSE Linux Enterprise Server 7; SuSE Linux Enterprise Server for S/390; SuSE Linux Firewall (any version); SuSE eMail Server III (any version)
  - HP Tru64 UNIX 4.0f, 4.0g, 5.0a, 5.1a
  - Trustix Secure Linux 1.1, 1.2, 1.5 |
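The version-only logic that this check item describes can be reproduced in a short script. The following is an added example, not code from the scanner, from ISC or from any of the vendors above: it builds the CHAOS-class TXT query for `version.bind` that version checks send to port 53, parses the reply with every wire length bounded against the message size (so a malformed answer raises an error instead of being read past its end), and matches the reported version against the BIND ranges listed under Platforms Affected. The reply used in the demo is constructed with `build_version_response`, not captured from a real server. A `None` result means the banner was hidden or non-numeric and nothing can be concluded; a `True` result inherits the false-positive caveat above, since a backported fix does not change the version string.

```python
"""Added example: version.bind query, reply parsing and affected-range check (not scanner code)."""
import re
import struct
from typing import Optional, Tuple

# Affected BIND releases from the "Platforms Affected" list above:
# lower bound inclusive, upper bound exclusive; versions compare numerically.
AFFECTED_RANGES = [
    ((4, 8, 0), (4, 9, 9)),  # BIND 4.8 up to, not including, 4.9.9
    ((8, 0, 0), (8, 2, 6)),  # BIND 8 before 8.2.6
    ((8, 3, 0), (8, 3, 3)),  # BIND 8.3.x before 8.3.3
    ((9, 2, 0), (9, 2, 2)),  # BIND 9.2.0 and 9.2.1 (9.0.x and 9.1.x not affected)
]
QTYPE_TXT, QCLASS_CH = 16, 3
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def build_version_query(txid: int = 0x1234) -> bytes:
    """The CHAOS-class TXT query for version.bind that a version check sends to port 53."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + b"\x07version\x04bind\x00" + struct.pack(">HH", QTYPE_TXT, QCLASS_CH)


def _skip_name(msg: bytes, off: int) -> int:
    """Offset just past a (possibly compressed) domain name; raises on truncation."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_version_response(msg: bytes) -> Optional[str]:
    """TXT payload of the version.bind answer, or None (no answer / non-zero RCODE).

    Every length read from the wire is bounded against len(msg), so a truncated
    or oversized RDATA raises ValueError instead of being copied blindly.
    """
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F:  # e.g. REFUSED when the operator hides the version
        return None
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated RR header")
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("RDLENGTH exceeds message")
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_TXT and rclass == QCLASS_CH:
            parts, p = [], 0
            while p < len(rdata):  # TXT RDATA is a sequence of <len><chars> strings
                n = rdata[p]
                parts.append(rdata[p + 1:p + 1 + n].decode("ascii", "replace"))
                p += 1 + n
            return "".join(parts)
    return None


def parse_bind_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """'8.2.3-REL' -> (8, 2, 3); None for a hidden or non-numeric banner."""
    m = _VERSION_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(banner: str) -> Optional[bool]:
    """True if the banner is in an affected range, False if not, None if unknown."""
    version = parse_bind_version(banner)
    if version is None:
        return None
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def build_version_response(banner: str, txid: int = 0x1234, rcode: int = 0) -> bytes:
    """Constructed reply for offline use; a real check reads this from the UDP socket."""
    question = build_version_query(txid)[12:]
    header = struct.pack(">HHHHHH", txid, 0x8180 | rcode, 1, 0 if rcode else 1, 0, 0)
    if rcode:
        return header + question
    txt = bytes([len(banner)]) + banner.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_CH, 0, len(txt)) + txt
    return header + question + rr


def assess(msg: bytes) -> Tuple[Optional[str], Optional[bool]]:
    """(reported banner, affected?) for one version.bind reply."""
    banner = parse_version_response(msg)
    return banner, None if banner is None else is_affected(banner)


if __name__ == "__main__":
    for b in ("8.2.3-REL", "8.3.3-REL-NOESW", "9.2.1", "9.1.3", "4.9.8-REL", "hidden"):
        print(b, "->", assess(build_version_response(b)))
    print("REFUSED ->", assess(build_version_response("", rcode=5)))
```

To run it against a live host, send `build_version_query()` over UDP to port 53 and pass the datagram to `assess`. Treat `False` as "version not in the listed ranges", not as proof that the system's resolver libraries are patched, for the reason given in the note above.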
| Recommendation |
For ISC BIND 8.3.2 and earlier (including the BIND 8.2.x and BIND 4 releases listed above): Upgrade to BIND version 8.3.3 or later, available from the Internet Software Consortium Web site, http://www.isc.org/products/BIND/ (BIND 8.2.6 and BIND 4.9.9 carry the fix for their respective branches)
For FreeBSD 4.6-RELEASE and earlier: Apply the appropriate patch for your system, as listed in FreeBSD Security Advisory FreeBSD-SA-02:28.resolv, http://online.securityfocus.com/advisories/4236
For NetBSD: For upgrade or workaround information, refer to NetBSD Security Advisory 2002-006, http://lists.netsys.com/pipermail/full-disclosure/2002-September/001877.html
For OpenBSD 2.9: Apply the patch for this vulnerability, as listed in OpenBSD 2.9 errata 027: SECURITY FIX: June 25, 2002, http://www.openbsd.org/errata29.html#resolver
For OpenBSD 3.0: Apply the patch for this vulnerability, as listed in OpenBSD 3.0 errata 025: SECURITY FIX: June 25, 2002, http://www.openbsd.org/errata30.html#resolver
For OpenBSD 3.1: Apply the patch for this vulnerability, as listed in OpenBSD 3.1 errata 007: SECURITY FIX: June 25, 2002, http://www.openbsd.org/errata.html#resolver
For Sun Solaris: Apply the appropriate patch for your system, as listed in Sun Alert Notification 46042, http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46042&zone_32=category%3Asecurity
For HP Tru64 UNIX: Apply the appropriate patch for your system, as listed in Compaq SECURITY BULLETIN SRB0039W, http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
For Caldera UnixWare 7.1.1: Upgrade to the appropriate fixed binaries, as listed in Caldera International, Inc. Security Advisory CSSA-2002-SCO.37, ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37/CSSA-2002-SCO.37.txt
For other distributions: Contact your vendor for upgrade or patch information or refer to CERT Advisory CA-2002-19, http://www.cert.org/advisories/CA-2002-19.html |
| Related URL |
CVE-2002-0651,CVE-2002-0684 (CVE) |