[12564] in bugtraq
[ Cobalt ] Security Advisory - Bind
daemon@ATHENA.MIT.EDU (Jeff Bilicki)
Sat Nov 13 21:37:03 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <382CBA03.4DCB65CF@cobaltnet.com>
Date: Fri, 12 Nov 1999 17:08:19 -0800
Reply-To: Jeff Bilicki <jeffb@COBALTNET.COM>
From: Jeff Bilicki <jeffb@COBALTNET.COM>
X-To: BugTraQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Cobalt Networks -- Security Advisory -- 11.12.1999
Problem:
A bug in the processing of NXT records can theoretically allow an
attacker to gain access to the system running the DNS server at whatever
privilege level the DNS server runs at. The full description can be
found at http://www.isc.org/products/BIND/bind-security-19991108.html
Relevant products and architectures
Product Architecture Vulnerable to NXT
Qube1 MIPS no
Qube2 MIPS no
RaQ1 MIPS no
RaQ2 MIPS no
RaQ3 x86 yes
RPMS:
ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-8.2.2_P3-C2.i386.rpm
ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-devel-8.2.2_P3-C2.i386.rpm
ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-utils-8.2.2_P3-C2.i386.rpm
SRPMS:
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/bind-8.2.2_P3-C2.src.rpm
MD5 sum Package Name
-------------------------------------------------------------
1cf09350860f4880423a85d27e976383 bind-8.2.2_P3-C2.i386.rpm
ec5fba0ecd6a664dcbb4e1c9439ad7a5 bind-devel-8.2.2_P3-C2.i386.rpm
85fcfb6d05e8e2e6b8a64641037a106f bind-utils-8.2.2_P3-C2.i386.rpm
You can verify each rpm using the following command:
rpm --checksig [package]
To install, use the following command, while logged in as root:
rpm -U [package]
The package file format (pkg) for this fix is currently in testing, and
will be available in the near future.
Jeff Bilicki
Cobalt Networks
