Linux Security
    Linux Security
    Linux Security

    Debian: bind multiple vulnerabilities

    Date 14 Nov 2002
    Posted By LinuxSecurity Advisories
    The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow.
    Debian Security Advisory DSA 196-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                          Daniel Jacobowitz
    November 14th, 2002            
    Package        : bind
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2002-1219 CAN-2002-1220 CAN-2002-1221
    CERT advisory  : VU#844360 VU#852283 VU#229595 VU#542971
    [Bind version 9, the bind9 package, is not affected by these problems.]
    ISS X-Force has discovered several serious vulnerabilities in the Berkeley
    Internet Name Domain Server (BIND).  BIND is the most common implementation
    of the DNS (Domain Name Service) protocol, which is used on the vast
    majority of DNS servers on the Internet.  DNS is a vital Internet protocol
    that maintains a database of easy-to-remember domain names (host names) and
    their corresponding numerical IP addresses.
    Circumstancial evidence suggests that the Internet Software Consortium
    (ISC), maintainers of BIND, was made aware of these issues in mid-October.
    Distributors of Open Source operating systems, including Debian, were
    notified of these vulnerabilities via CERT about 12 hours before the release
    of the advisories on November 12th.  This notification did not include any
    details that allowed us to identify the vulnerable code, much less prepare
    timely fixes.
    Unfortunately ISS and the ISC released their security advisories with only
    descriptions of the vulnerabilities, without any patches.  Even though there
    were no signs that these exploits are known to the black-hat community, and
    there were no reports of active attacks, such attacks could have been
    developed in the meantime - with no fixes available.
    We can all express our regret at the inability of the ironically named
    Internet Software Consortium to work with the Internet community in handling
    this problem.  Hopefully this will not become a model for dealing with
    security issues in the future.
    The Common Vulnerabilities and Exposures (CVE) project identified the
    following vulnerabilities:
    1. CAN-2002-1219: A buffer overflow in BIND 8 versions 8.3.3 and earlier
       allows a remote attacker to execute arbitrary code via a certain DNS
       server response containing SIG resource records (RR).  This buffer
       overflow can be exploited to obtain access to the victim host under the
       account the named process is running with, usually root.
    2. CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3 allows a remote
       attacker to cause a denial of service (termination due to assertion
       failure) via a request for a subdomain that does not exist, with an OPT
       resource record with a large UDP payload size.
    3. CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows a remote attacker
       to cause a denial of service (crash) via SIG RR elements with invalid
       expiry times, which are removed from the internal BIND database and later
       cause a null dereference.
    These problems have been fixed in version 8.3.3-2.0woody1 for the current
    stable distribution (woody), in 8.2.3-0.potato.3 for the previous stable
    distribution (potato) and in version 8.3.3-3 for the unstable distribution
    (sid).  The fixed packages for unstable will enter the archive today.
    We recommend that you upgrade your bind package immediately, update to
    bind9, or switch to another DNS server implementation.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian 2.2 (oldstable)
      Oldstable was released for alpha, arm, i386, m68k, powerpc and sparc.
      Source archives:
          Size/MD5 checksum:      630 98f61786fa959c589c0a651868a622f9
          Size/MD5 checksum:   162301 be163758728858c77dbee6ae67f9a5d5
          Size/MD5 checksum:  2610779 46b88bbdb1487951ddad41f42d96e913
      Architecture independent packages:
          Size/MD5 checksum:    11784 e75edf3668a5e402a1786ead21dfa2c2
          Size/MD5 checksum:  1205360 c238cea2c548ce03599948fa94aa2e7d
      alpha architecture (DEC Alpha)
          Size/MD5 checksum:   430518 538b677dcb4df6c0ef601663ff9cf3e7
          Size/MD5 checksum:   757704 9f075c3e03d36c393fbeeaf2f5a7b10a
          Size/MD5 checksum:   450254 c811eda1f1a8212d17d9beeafc892858
      arm architecture (ARM)
          Size/MD5 checksum:   348888 b53e413cdd06f1fa422e27e7f318deb9
          Size/MD5 checksum:   354084 63004fdf3b7babf014e4b55d18f21be0
          Size/MD5 checksum:   600964 e14cf9feb989058dfce82e42b112c09a
      i386 architecture (Intel ia32)
          Size/MD5 checksum:   340444 31b08eaeb38c0df2ed1cb6cb6fa3f5de
          Size/MD5 checksum:   572016 540d025d851c207596f02f293d32dbca
          Size/MD5 checksum:   309622 476724d25b348bdfa3f314bf8777e05a
      m68k architecture (Motorola Mc680x0)
          Size/MD5 checksum:   292776 8a6434791431dfb571516650b84d68e1
          Size/MD5 checksum:   310122 696bb7556163e30bfd39d3798c2ba094
          Size/MD5 checksum:   520006 ff5bb2578be770dcaa209fc9f28e66ae
      powerpc architecture (PowerPC)
          Size/MD5 checksum:   617500 15b7bc50fa768046c504a03ddafec602
          Size/MD5 checksum:   376410 0305a064cb99e0c8a6946c8f33fcdc0c
          Size/MD5 checksum:   371218 7dea62489269317b588df637e5b40298
      sparc architecture (Sun SPARC/UltraSPARC)
          Size/MD5 checksum:   607994 05807466ad228e965b60daeaeb8b3738
          Size/MD5 checksum:   368582 6dec11c8f07deb83622632e99875d601
          Size/MD5 checksum:   335440 51a7f16483360f834f19577def32198f
    Debian 3.0 (stable)
      Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
      Source archives:
          Size/MD5 checksum:      639 0a65835e20faaba4f351b34330b7aa2c
          Size/MD5 checksum:    31430 d7ff2bae2f2233c0a6588fbea3dd9964
          Size/MD5 checksum:  2713120 847ba93d1ac71b94560c002c9f730100
      Architecture independent packages:
          Size/MD5 checksum:  1290726 0634671f5432f7a8c348e9624e64d349
      alpha architecture (DEC Alpha)
          Size/MD5 checksum:   999188 f2b729eb9f85b55d8a71db3e44db825a
          Size/MD5 checksum:   509272 402cd93961d836a8e4cf491655ae0a29
      arm architecture (ARM)
          Size/MD5 checksum:   826484 2a2abd103a460071f380ac501de6ee63
          Size/MD5 checksum:   426982 657a181d3781da2db5e434c1199c7628
      hppa architecture (HP PA RISC)
          Size/MD5 checksum:   921372 6193f53e7d6f676ab306ffb81b4df10d
          Size/MD5 checksum:   475096 a948f910047cbad89d1c7ff26faacfae
      i386 architecture (Intel ia32)
          Size/MD5 checksum:   381878 12c0435300e4a879037895d3bb7f2ddc
          Size/MD5 checksum:   793562 27e5c151a7acda692fc332f4db9ce218
      ia64 architecture (Intel ia64)
          Size/MD5 checksum:  1285738 5a72e98954d09e5cf3c5caaaf05f5f34
          Size/MD5 checksum:   575798 bfc630343fc7a88f5ce005e387ee9639
      m68k architecture (Motorola Mc680x0)
          Size/MD5 checksum:   362654 c6712c1d7f17daab556dbfe4a1823b99
          Size/MD5 checksum:   720556 67e91d9890a14be213407ecc8c993bab
      mips architecture (MIPS (Big Endian))
          Size/MD5 checksum:   926866 c76bc7407b6c67b507ab5cd33a4618e1
          Size/MD5 checksum:   469762 75e3f4d14f742fa2fb44e0d4c9b7623d
      mipsel architecture (MIPS (Little Endian))
          Size/MD5 checksum:   934246 c00972ae586cfd8a4475a932a35ca04a
          Size/MD5 checksum:   470648 6271291263bfbfb4e14733d02c560fa0
      powerpc architecture (PowerPC)
          Size/MD5 checksum:   451604 b9459ac7c9554f0276bef06762257785
          Size/MD5 checksum:   851852 85e204bc94b1a0bb2fd02c0d4717400a
      s390 architecture (IBM S/390)
          Size/MD5 checksum:   797738 101ec9c552bcf99618a08abb07209406
          Size/MD5 checksum:   387006 3ba683f9d05c411897432aee90566024
      sparc architecture (Sun SPARC/UltraSPARC)
          Size/MD5 checksum:   408732 e4463b87c64a6d08863c470e757a6dd2
          Size/MD5 checksum:   839566 b42c13cdc206437eb3a5353d86e34201
      These files will probably be moved into the stable distribution on
      its next revision.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.