Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisorymoderatedenial of serviceSUSE 2003:047 Moderate: Bind8 Cache Poisoning DoS Attack
To resolve IP addresses to host and domain names and vice versa the To resolve IP addresses to host and domain names and vice versa the DNS service needs to be consulted. The most popular DNS software is DNS service needs to be consulted. The most popular DNS software is the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning the cache with a [More...]. -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: bind8 Announcement-ID: SuSE-SA:2003:047 Date: Friday, Nov 28th 2003 15:30 MEST Affected products: 7.3, 8.0, 8.1, 8.2 Vulnerability Type: cache poisoning/denial-of-service Severity (1-10): 5 SUSE default package: yes Cross References: CAN-2003-0914 Content of this advisory: 1) security vulnerability resolved: - caching negative answers problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - ethereal - KDE - mc - apache1/2 - gpg - freeradius - xscreensaver - screen - mod_gzip - gnpan 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information To resolve IP addresses to host and domain names and vice versa the DNS service needs to be consulted. The most popular DNS software is the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning the cache with authoritative negative responses that should not be accepted otherwise. To execute this attack a name-server needs to be under malicious control and the victim's bind8 has to query this name-server. The attacker can set a high TTL value to keep his negative record as long as possible in the cache of the victim. For this time the clients of the attacked site that rely on the bind8 service will not be able to reach the domain specified in the negative record. These records should disappear after the time-interval (TTL) elapsed. There is no temporary workaround for this bug. To make this update effective run "rcnamed restart" as root please. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Intel i386 Platform: SuSE-8.2: 3d44d46f0e8397c69d53e96aba9fbd6d patch rpm(s): cce1df09a0b6fb5cbbddcc462f055c64 source rpm(s): a980a0eca79de02f135fce1cbe84ee22 SuSE-8.1: 4a46d0560eac1ca5de77c12f8abe4952 patch rpm(s): c8020302f6f161e9d86a3f1615304a23 source rpm(s): c9ee184cbd1f1722c94de9fd66f11801 SuSE-8.0: f739fdb03a7df6685e0aa026f98a0389 patch rpm(s): a3de26e06b689d29b4b4b08c04fa32f4 source rpm(s): 85d8d9fee3c8a029263777a45b4af011 SuSE-7.3: 381c2b6f805ca30d0fefc98afaee9ba0 source rpm(s): 97a87469cfb573bdd89f8f3a2c02264f Sparc Platform: SuSE-7.3: c08454b933ed2365d9d2ab1322803af6 source rpm(s): 827a7f56273c7a25ac40ffba728e9150 PPC Power PC Platform: SuSE-7.3: 12f1f205c08449e945c8ad344a8e3b41 source rpm(s): 177093e76b3b8d2679089a1ab1c46d0e ______________________________________________________________________________ 2) Pending vulnerabilities in SUSE Distributions andWorkarounds: - ethereal A new official version of ethereal, a network traffic analyzer, was released to fix various security-related problems. An update package is currently being tested and will be released as soon as possible. - KDE New KDE packages are currently being tested. These packages fixes several vulnerabilities: + remote root compromise (CAN-2003-0690) + weak cookies (CAN-2003-0692) + SSL man-in-the-middle attack + information leak through HTML-referrer (CAN-2003-0459) + wrong file permissions of config files The packages will be release as soon as testing is finished. - mc By using a special combination of links in archive-files it is possible to execute arbitrary commands while mc tries to open it in its VFS. The packages are currently tested and will be release as soon as possible. - apache1/2 The widely used HTTP server apache has several security vulnerabilities: - locally exploitable buffer overflow in the regular expression code. The attacker must be able to modify .htaccess or httpd.conf. (affects: mod_alias and mod_rewrite) - under some circumstances mod_cgid will output its data to the wrong client (affects: apache2) The new packages are available on our FTP servers. - gpg In GnuPG version 1.0.2 a new code for ElGamal was introduced. This code leads to an attack on users who use ElGamal keys for signing. It is possible to reconstruct the private ElGamal key by analyzing a public ElGamal signature. Please note that the ElGamal algorithm is seldomly used and GnuPG displays several warnings when generating ElGamal signature keys. The default key generation process in GnuPG will create a DSA signature key and an ElGamal subkey for _encryption only_. These keys are not affected by this vulnerability. Anyone using ElGamal signature keys (type 20, check fourth field of "gpg --list-keys --with-colon" output)should revoke them. - freeradius Two vulnerabilities were found in the FreeRADIUS package. The remote denial-of-service attack bug was fixed and new packages will be released as soon as testing was successfully finished. The other bug is a remote buffer overflow in the module rlm_smb. We do not ship this module and will fix it for future releases. - xscreensaver The well known screen-saver for X is vulnerable to several local tmp file attacks as well as a crash when verifying a password. Only SuSE Linux 9.0 products are affected. The new packages are available on our FTP servers. - screen A buffer overflow in screen was reported. Since SuSE Linux 8.0 we do not ship screen with the s-bit anymore. An update package will be released for 7.3 as soon as possible. - mod_gzip The apache module mod_gzip is vulnerable to remote code execution while running in debug-mode. We do not ship this module in debug-mode but future versions will include the fix. - gnpan A remote denial-of-service attack can be run against the GNOME news-reader program gnpan. This bug affects SuSE Linux 8.0, 8.1, 8.2. Update packages are available on our FTP servers. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpmpackage. 1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key
Nov 28, 2003
SuSE
100
security advisorycriticalSuSESuSE: SA:2002:044 Critical: Bind8 DoS and Remote Command Execution
The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow.. ______________________________________________________________________________ SuSE Security Announcement Package: bind8 Announcement-ID: SuSE-SA:2002:044 Date: Wed Nov 13 17:00:00 CET 2002 Affected products: (7.0), 7.1, 7.2, 7.3, 8.0, 8.1, SuSE Linux Database Server SuSE eMail Server III, 3.1 SuSE Firewall SuSE Linux Enterprise Server for S/390 SuSE Linux Connectivity Server SuSE Linux Enterprise Server 7 SuSE Linux Office Server Vulnerability Type: remote command execution Severity (1-10): 8 SuSE default package: yes Cross References: CVE CAN-2002-1219, CAN-2002-1220, CAN-2002-1221, Content of this advisory: 1) security vulnerability resolved: Remote command execution in bind8 name server. problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: BIND4, reports of trojanized tcpdump/libpcap 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow. Circumstancial evidence suggests that the Internet Software Consortium (maintainer of BIND) has been made aware of these issues in mid-October. Distributors of Open Source operating systems, including SuSE, were notified of these vulnerabilities via CERT approximately 12 hours before the release of the advisories by ISS and ISC on Tue, Nov 12. This notification did not include any details that allowed us to identify the vulnerable code, much less prepare a fix. Mails to ISC went unanswered for 36 hours. The SuSE security team regrets that the Internet Software Consortium has withheld vital information from the Internet community for so long, putting the majority of BIND users at risk. We would like to express our concern that the approach chosen by ISC and ISS is likely to erode trust in the security community if it becomes a model for dealing with security issues. We apologize to SuSE customers for not being able to provide timely fixes for this problem. The advisories by ISS and ISC mention the following problems in detail: 1. There is a buffer overflow in the way named handles SIG records. This buffer overflow can be exploited to obtain access to the victim host under the account the named process is running with. In order to exploit this problem, the attacker must control an existing DNS domain, and must be allowed to perform a recursive query. The impact of this vulnerability is serious. In all SuSE products, named is configured to run as user "named" by default, so a potential attacker or virus/worm does not get immediate root access. However, this is merely an additional obstacle the attacker faces. It may be possible for the attacker to exploit other, unpatched local vulnerabilities such as the recently announced traceroute hole to obtain root privilege. It may also be possible for an attacker to obtain increased privilege by manipulating the DNS zones served by thevictim BIND server. We recommend to upgrade to the provided packages. If this is not possible, we recommend to restrict recursive requests as a workaround. This can be done by adding a statement such as the following to /etc/named.conf: options { ... existing options ... # Restrict recursive queries to 192.168.1.*, # except 192.168.1.254. # Order does matter. allow-recursion { !192.168.1.254; 192.168.1/24; }; }; Alternatively, you can add "recursion no;" to the options section to turn off recursion completely. 2. There are several Denial Of Service problems in BIND8 that allow remote attackers to terminate the name server process. At least one of these vulnerabilities seems to be exploitable even when the attacker is not allowed to perform recursive queries, so that the workaround suggested above is not effective against this bug. Both vulnerabilities are addressed by this update, using patches originating from ISC. Due to the severity of this issue, we will provide update packages for SuSE Linux 7.0, even though support for this product has officially been discontinued. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the packages using the command "rpm -Fhv file.rpm" to apply the update. After updating, make sure to restart the name server process by issuing the following command as root: rcnamed restart Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Intel i386 Platform: SuSE-8.1: e1c07d8c1dd74374cc37e7fa692c9de1 b41734970bf88aa7b5d3debbf834b78d f7236e5e621725e100dbd204e2692a66 source rpm(s): 02154fbdc935a2900d70ce6a16e96543 SuSE-8.0: 07bc10c5c348c560084edb3c289459c9 4db27e9ad4ae038d81422a0c5b9a34d0 a1b3958e0fbaed30ddecbf7753007dbf source rpm(s): 0b66ae2b5c462f041625919fed7ab089 SuSE-7.3: fe0654b3de751533874b08a860afea5e 043a8c1c0bb2cc23308a614dc7bdc0fe 59aca78f5aacb3ff7ecbc252eb760956 source rpm(s): 355add6397435262c597ad662e3df119 SuSE-7.2: 1072a9fe708150bc14c70a72ca42dfd3 0713d9b200db862110493233bc1d8321 c681a91b38104cf47de4f4d454136a8a source rpm(s): 8f51737bc0c84b7be08fe3bb1d4012b4 SuSE-7.1: f2c14f81038d7ba952def27981b4599c 961a5403a41e8031c054a081ebf92ba5 source rpm(s): 7f3c9b95591fb22f00dc0b22cdd5fcf1 SuSE-7.0: 0a6b9e23cefa5cd9f06660571ebf85ff 3a6e0e81c2d8b05ee01a2a0b9c26e9a4 source rpm(s): 1c2cb2e531fe2834de84b22ad714de68 Sparc Platform: SuSE-7.3: c08454b933ed2365d9d2ab1322803af6 47e063be85fadfa2e5d0fce1746a34b5 46a97b033cca0a01dcb39ef90275ce46 source rpm(s): 827a7f56273c7a25ac40ffba728e9150 AXP Alpha Platform: SuSE-7.1: 77f39990fabacb545657236a60fecbe0 33bf9f28a7c9105c84216906694c7b7c source rpm(s): df347649fc98de695837a88452814ee6 SuSE-7.0: 23f307cda6a0eefb3d9f1a0439950bdd 0789b49749d93ddd79192506cda00f7a source rpm(s): 356306a7f2c079e2726b3aa8da496e9b PPC Power PC Platform: SuSE-7.3: 4cbeb4719625f8735ec03c27e1b27b85 37fca302d72c819e713f8038d730a527 f0f5cb7b808789606448a4d472c71400 source rpm(s): 5c810e6f144d0f2875bb06d2331f50d8 SuSE-7.1: 47fcc451954f03a915b57b500bd56c57 2c0de3b64d5c3d62cb840a534911ef31 source rpm(s): 235e142413ec35bcbdb86168b04b7a78 SuSE-7.0: 44dc01f6b4fae1dfd87874db6d42e8d9 d46f45bef0f12c3c5b071443ac9e7f13 source rpm(s): 1bac32496ae66d4b0e35bc34d4e500ff ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: BIND4 In addition to the vulnerabilities in BIND8 discussed above, ISS report several vulnerabilities in BIND4. As stated previously, SuSE has discontinued support for BIND4 and recommends that users upgrade to BIND8 as soon as possible. Trojaned libpcap/tcpdump There have been reports that the source packages of tcpdump and libpcap available from several FTP servers have been modified to include a trojan. We have checked our source packages for this and found them to be clean. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key
Nov 14, 2002
•Critical
SuSE
100
security advisorybuffer overflowSuSESuSE 7.1: SuSE-SA:2001:03 Critical: Bind8 Remote Root Access
bind-8.x in all versions of the SuSE distributions contain a bug in the transaction signature handling code that can allow to remotely over-flow a buffer.. ______________________________________________________________________________ SuSE Security Announcement Package: bind8 Announcement-ID: SuSE-SA:2001:03 Date: Tuesday, January 30th, 2000 23:40 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 Vulnerability Type: remote root compromise Severity (1-10): 9 SuSE default package: no Other affected systems: all systems using bind, versions before 8.2.3-REL Content of this advisory: 1) security vulnerability resolved: bind8 problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information bind-8.x in all versions of the SuSE distributions contain a bug in the transaction signature handling code that can allow to remotely over- flow a buffer and thereby execute arbitrary code as the user running the nameserver (this is user named by default on SuSE systems). In addition to this bug, another problem allows for a remote attacker to collect information about the running bind process (this has been found by Claudio Musmarra ). For more information on these bugs, please visit the CERT webpage at 2001 CERT Advisories and the bind bugs webpage at . The problem is existent in the upcoming SuSE distribution 7.1 that will be available by February 10th in the CD/DVD version. There exists no reasonable method to circumvent the problems other than to update the package as described below. Please choose the update package for your distribution from the URLs listed below and download the necessary rpm files. Then, install the package using the command `rpm -Uhv file.rpm´. rpm packages have an internal md5 checksum that protects against file corruption. You can verify this checksum using the command (independently from the md5 signatures below) `rpm --checksig --nogpg file.rpm', The md5 sums under each package are to prove the package authenticity, independently from the md5 checksums in the rpm package format. SPECIAL INSTALL INSTRUCTIONS: ============================= If you run a bind8 nameserver on your system, please update the package immediately. In order for the updated package to become active, the nameserver process "named" needs to be restarted. Do this using the command `rcnamed restart´ as root after performing the rpm command as shown above. Afterwards, check for the running daemon using the ps command as `ps aux´. The named process should show a new starting time. Repeat the `rcnamed restart´ command if the nameserver shut down too slowly to release the socket for the new server. i386 Intel Platform: SuSE-7.1 e9b354dbd96f6216b9da01f2b3a0a166 source rpm: f77200a6c476b58980f68b5db3fd7c4b SuSE-7.0 4fdee7483fce85f2a31a1a53d2b01b76 source rpm: e53896d1ddfb405774a492469621af02 SuSE-6.4 bb25cb6ba2e54bf929f61c14b3663b3e source rpm: 1033f0df4b747f1d2758fdae69a5fa17 SuSE-6.3 73fe798d4afb87beecb2546ecf076f64 source rpm: dfe4e452d8d0a0a8ff0994e514353b3f SuSE-6.2 48b45d14724e852810de130864ab8281 source rpm: 22ca23ed06739effc887370bfef2d83e SuSE-6.1 fc9cd0970c15246599f90ce1f5955f29 source rpm: 6cdf2e5c3a9a25ca98f8916de677cb70 SuSE-6.0 Please use the SuSE-6.1 packages for the SuSE-6.0distribution on the i386 Intel Platform. AXP Alpha Platform: SuSE-7.0 84014e0f19e52a09b90897e18d8eb774 source rpm: 99df556319e0c232d78cdb69d5d28ac0 SuSE-6.4 2e2a8f6c3c6838a7fd49bd7926fc3de3 source rpm: 9b0c2e8469f597f43010a125af8f54fe SuSE-6.3 0194fc4461ef902c46b75f28fa8f2ef6 source rpm: dffa2d911f6dae9092301bd8ad4f026f SuSE-6.1 ebd233233829eef3d73db7d0a828c35a source rpm: 582e7985719d3f7da86a77349aa1611d PPC Power PC Platform: SuSE-7.0 b9354106b0b89edf8f1883b2ea50e656 source rpm: 534d84e900c6edf3fa8f2ef546d08c0a SuSE-6.4 5c3a00ebd3ddb0388e460673bfec88d0 source rpm: 418ae09b44885199f4a4403748b6ab2b Sparc Platform: Due to build bottlenecks, the update package for the sparc platform (SuSE-7.0 distribution) is delayed. ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: SuSE distributions contain the bind nameserver in Version 4 as well. bind-4.x in the currently used version has security-related bugs, some of which are similar to the ones in the 8.x versions. We will provide update packages as well as an announcement for the bind (not bind8) package shortly, along with an own announcement. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe:
Jan 30, 2001
•Critical
SuSE
100
security advisorymoderatedenial of serviceSuSE: SA-2000:45 Moderate: Bind DoS Attack Fix for Affected Systems
BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has been found vulnerable to two denial of service attacks.. ______________________________________________________________________________ SuSE Security Announcement Package: bind8 Announcement-ID: SuSE-SA:2000:45 Date: Thursday, November 16th, 2000 16:00 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4 Vulnerability Type: remote denial of service Severity (1-10): 7 SuSE default package: no Other affected systems: all systems using bind, version 8.2.2 before patchlevel 7 Content of this advisory: 1) security vulnerability resolved: bind8 problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has been found vulnerable to two denial of service attacks: named may crash after a compressed zone transfer request (ZXFR) and if an SRV record (defined in RFC2782) is sent to the server. Administrators testing the ZXFR bug should be aware that it can take several seconds after the triggering the bug until the nameserver daemon crashes. SuSE versions 6.0 through 6.4 are affected by these two problems. The bind8 package in SuSE-7.0 is not affected because a different version of bind8 (8.2.3) was used in this distribution. By the release time of the SuSE-7.0 distribution our engineers have determined that the problems we had with stalling zone transfers under some obscure conditions were not present with the 8.2.3 release of the package. Administrators arestrongly recommended to upgrade their bind8 package using the provided packages from the sources below. There is a temporary fix for the ZXFR problem (disable zone transfers) but none for the SRV record problem. For the latest information about security vulnerabilities in the bind name server consider the Internet Software Consortium bind security webpage at . To check if your system has the vulnerable package installed, use the command `rpm -q ´. If applicable, please choose the update package(s) for your distribution from the URLs listed below and download the necessary rpm files. Then, install the package using the command `rpm -Uhv file.rpm´. rpm packages have an internal md5 checksum that protects against file corruption. You can verify this checksum using the command (independently from the md5 signatures below) `rpm --checksig --nogpg file.rpm', The md5 sums under each package are to prove the package authenticity, independently from the md5 checksums in the rpm package format. i386 Intel Platform: SuSE-6.4 c6f2242efe722aaa4320010e00ddc080 source rpm: ecd26bdf60d7950585649bc638a1d812 SuSE-6.3 d3f51528ad2120cd3dc6517c2bc26c0a source rpm: 6f1b8c1227d4876389a28d416a952713 SuSE-6.2 4d8a9f4c6e041326929bbdae97c10105 source rpm: 83807820676d98687797ffff6f5b425c SuSE-6.1 1694cf40b5fa41361749297c9cddbca4 source rpm: 8c5f727554e12a5aedb96de3db663518 SuSE-6.0 Please use the package from the 6.1 distribution. AXP Alpha Platform: SuSE-6.4 51f61faaad78160fb3dcc68a8588c209 source rpm: f42c51962852f8ff14e2d6423de62aec SuSE-6.3 4d16cecb0da4f8ed6bff9c92655b9036 source rpm: d8c4d1d9f0a14249151aa9d9e25f1db8 SuSE-6.1 6a4f5b18072cca93f9064fdc802e50fb source rpm: a3eec237cc642739b5b6c6eea6d197c0 PPC Power PC Platform: SuSE-6.4 65e82b875e7f8ff7409062d502d56115 source rpm: fd2a6e2a29a80b997758d4245913ff51 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: A new security announcement follows this advisory. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe:
Nov 16, 2000
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!