Debian: DSA-1831-1: New djbdns packages fix privilege escalation

    Date: 13 Jul 2009
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1831-1
    http://www.debian.org/security/                          Thijs Kinkhorst
    July 13, 2009                         http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : djbdns
    Vulnerability  : programming error
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-0858
    Debian Bug     : 518169
    
    Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain
    Name System server, does not constrain offsets in the required manner,
    which allows remote attackers with control over a third-party subdomain
    served by tinydns and axfrdns, to trigger DNS responses containing
    arbitrary records via crafted zone data for this subdomain.
    
    The old stable distribution (etch) does not contain djbdns.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.05-4+lenny1.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.05-5.
    
    We recommend that you upgrade your djbdns package.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
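
One way to confirm that a host already carries the fixed package, as an added example that is not part of the Debian advisory. The function names are hypothetical, the fixed versions are the ones stated above, and it assumes dpkg and dpkg-query are available on the host.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether an installed djbdns
# package already contains the DSA-1831-1 fix. Function names are hypothetical.

# Fixed version per suite, as stated in DSA-1831-1.
fixed_version() {
    case "$1" in
        lenny) echo "1.05-4+lenny1" ;;
        sid)   echo "1.05-5" ;;
        *)     return 1 ;;
    esac
}

# classify SUITE VERSION
# Prints: fixed | vulnerable | not-shipped | unknown-suite
classify() {
    suite=$1
    installed=$2
    # etch never shipped djbdns, so there is nothing to upgrade there.
    if [ "$suite" = "etch" ]; then echo "not-shipped"; return 0; fi
    fixed=$(fixed_version "$suite") || { echo "unknown-suite"; return 0; }
    # dpkg implements Debian version ordering (epochs, "+lenny1" suffixes).
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# host_status SUITE [PACKAGE]
# Looks the package up in the local dpkg database, then classifies it.
host_status() {
    suite=$1
    pkg=${2:-djbdns}
    info=$(dpkg-query -W -f='${Status}|${Version}' "$pkg" 2>/dev/null) || info=""
    case "$info" in
        *" installed|"*) classify "$suite" "${info#*|}" ;;
        *)               echo "not-installed" ;;   # absent, or only config files remain
    esac
}

# Run against this host only when asked: sh check.sh --host lenny
if [ "${1:-}" = "--host" ]; then
    host_status "${2:-lenny}"
fi
```
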
    
    
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    