Bugtraq mailing list archives
[ Cobalt ] Security Advisory - Bind
From: jeffb () COBALTNET COM (Jeff Bilicki)
Date: Fri, 12 Nov 1999 17:08:19 -0800
Cobalt Networks -- Security Advisory -- 11.12.1999 Problem: A bug in the processing of NXT records can theoretically allow an attacker to gain access to the system running the DNS server at whatever privilege level the DNS server runs at. The full description can be found at http://www.isc.org/products/BIND/bind-security-19991108.html Relevant products and architectures Product Architecture Vulnerable to NXT Qube1 MIPS no Qube2 MIPS no RaQ1 MIPS no RaQ2 MIPS no RaQ3 x86 yes RPMS: ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-8.2.2_P3-C2.i386.rpm ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-devel-8.2.2_P3-C2.i386.rpm ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-utils-8.2.2_P3-C2.i386.rpm SRPMS: ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/bind-8.2.2_P3-C2.src.rpm MD5 sum Package Name ------------------------------------------------------------- 1cf09350860f4880423a85d27e976383 bind-8.2.2_P3-C2.i386.rpm ec5fba0ecd6a664dcbb4e1c9439ad7a5 bind-devel-8.2.2_P3-C2.i386.rpm 85fcfb6d05e8e2e6b8a64641037a106f bind-utils-8.2.2_P3-C2.i386.rpm You can verify each rpm using the following command: rpm --checksig [package] To install, use the following command, while logged in as root: rpm -U [package] The package file format (pkg) for this fix is currently in testing, and will be available in the near future. Jeff Bilicki Cobalt Networks
Current thread:
- (no subject) Anonymous (Nov 10)
- (no subject) David R. Conrad (Nov 11)
- Re: CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND Solar Designer (Nov 12)
- Buffer overflow exploit in the alpha linux Taeho Oh (Nov 13)
- Re: Buffer overflow exploit in the alpha linux Lamont Granquist (Nov 15)
- Re: your mail Brian Wellington (Nov 11)
- Re: your mail Alan Brown (Nov 12)
- [ Cobalt ] Security Advisory - Bind Jeff Bilicki (Nov 12)
- Microsoft Security Bulletin (MS99-049) Aleph One (Nov 12)
- Re: your mail Alain Thivillon (Nov 11)
- [w00giving '99 #3, w00news] UnixWare 7's /var/sadm Matt Conover (Nov 11)
- Re: your mail Firstname Lastname (Nov 12)
- (no subject) David R. Conrad (Nov 11)