Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[ Cobalt ] Security Advisory - Bind

From: jeffb () COBALTNET COM (Jeff Bilicki)
Date: Fri, 12 Nov 1999 17:08:19 -0800

Cobalt Networks -- Security Advisory -- 11.12.1999

Problem:
A bug in the processing of NXT records can theoretically allow an
attacker to gain access to the system running the DNS server at whatever
privilege level the DNS server runs at.  The full description can be
found at http://www.isc.org/products/BIND/bind-security-19991108.html

Relevant products and architectures
Product         Architecture    Vulnerable to NXT
Qube1           MIPS                    no
Qube2           MIPS                    no
RaQ1            MIPS                    no
RaQ2            MIPS                    no
RaQ3            x86                     yes

RPMS:
ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-8.2.2_P3-C2.i386.rpm
ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-devel-8.2.2_P3-C2.i386.rpm
ftp://ftp.cobaltnet.com/pub/experimental/security/rpms/bind-utils-8.2.2_P3-C2.i386.rpm

SRPMS:
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/bind-8.2.2_P3-C2.src.rpm

MD5 sum                          Package Name
-------------------------------------------------------------
1cf09350860f4880423a85d27e976383 bind-8.2.2_P3-C2.i386.rpm
ec5fba0ecd6a664dcbb4e1c9439ad7a5 bind-devel-8.2.2_P3-C2.i386.rpm
85fcfb6d05e8e2e6b8a64641037a106f bind-utils-8.2.2_P3-C2.i386.rpm

You can verify each rpm using the following command:
rpm --checksig  [package]

To install, use the following command, while logged in as root:
rpm -U [package]

The package file format (pkg) for this fix is currently in testing, and
will be available in the near future.

Jeff Bilicki
Cobalt Networks
Previous By Date Next
Previous By Thread Next

Current thread: