Users login

Create an account »


Users login

Home » Hacking News » [DSA-196-1] New BIND packages fix several vulnerabilities

[DSA-196-1] New BIND packages fix several vulnerabilities

by Nikola Strahija on November 17th, 2002 ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol that maintains a database of easy-to-remember domain names (host names) and their corresponding numerical IP addresses.

Circumstancial evidence suggests that the Internet Software Consortium
(ISC), maintainers of BIND, was made aware of these issues in mid-October.
Distributors of Open Source operating systems, including Debian, were
notified of these vulnerabilities via CERT about 12 hours before the release
of the advisories on November 12th. This notification did not include any
details that allowed us to identify the vulnerable code, much less prepare
timely fixes.

Unfortunately ISS and the ISC released their security advisories with only
descriptions of the vulnerabilities, without any patches. Even though there
were no signs that these exploits are known to the black-hat community, and
there were no reports of active attacks, such attacks could have been
developed in the meantime - with no fixes available.

We can all express our regret at the inability of the ironically named
Internet Software Consortium to work with the Internet community in handling
this problem. Hopefully this will not become a model for dealing with
security issues in the future.

The Common Vulnerabilities and Exposures (CVE) project identified the
following vulnerabilities:

1. CAN-2002-1219: A buffer overflow in BIND 8 versions 8.3.3 and earlier
allows a remote attacker to execute arbitrary code via a certain DNS
server response containing SIG resource records (RR). This buffer
overflow can be exploited to obtain access to the victim host under the
account the named process is running with, usually root.

2. CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3 allows a remote
attacker to cause a denial of service (termination due to assertion
failure) via a request for a subdomain that does not exist, with an OPT
resource record with a large UDP payload size.

3. CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows a remote attacker
to cause a denial of service (crash) via SIG RR elements with invalid
expiry times, which are removed from the internal BIND database and later
cause a null dereference.

These problems have been fixed in version 8.3.3-2.0woody1 for the current
stable distribution (woody), in 8.2.3-0.potato.3 for the previous stable
distribution (potato) and in version 8.3.3-3 for the unstable distribution
(sid). The fixed packages for unstable will enter the archive today.

We recommend that you upgrade your bind package immediately, update to
bind9, or switch to another DNS server implementation.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 2.2 (oldstable)
- ----------------------

Oldstable was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:
Size/MD5 checksum: 630 98f61786fa959c589c0a651868a622f9
Size/MD5 checksum: 162301 be163758728858c77dbee6ae67f9a5d5
Size/MD5 checksum: 2610779 46b88bbdb1487951ddad41f42d96e913

Architecture independent packages:
Size/MD5 checksum: 11784 e75edf3668a5e402a1786ead21dfa2c2
Size/MD5 checksum: 1205360 c238cea2c548ce03599948fa94aa2e7d

alpha architecture (DEC Alpha)
Size/MD5 checksum: 430518 538b677dcb4df6c0ef601663ff9cf3e7
Size/MD5 checksum: 757704 9f075c3e03d36c393fbeeaf2f5a7b10a
Size/MD5 checksum: 450254 c811eda1f1a8212d17d9beeafc892858

arm architecture (ARM)
Size/MD5 checksum: 348888 b53e413cdd06f1fa422e27e7f318deb9
Size/MD5 checksum: 354084 63004fdf3b7babf014e4b55d18f21be0
Size/MD5 checksum: 600964 e14cf9feb989058dfce82e42b112c09a

i386 architecture (Intel ia32)
Size/MD5 checksum: 340444 31b08eaeb38c0df2ed1cb6cb6fa3f5de
Size/MD5 checksum: 572016 540d025d851c207596f02f293d32dbca
Size/MD5 checksum: 309622 476724d25b348bdfa3f314bf8777e05a

m68k architecture (Motorola Mc680x0)
Size/MD5 checksum: 292776 8a6434791431dfb571516650b84d68e1
Size/MD5 checksum: 310122 696bb7556163e30bfd39d3798c2ba094
Size/MD5 checksum: 520006 ff5bb2578be770dcaa209fc9f28e66ae

powerpc architecture (PowerPC)
Size/MD5 checksum: 617500 15b7bc50fa768046c504a03ddafec602
Size/MD5 checksum: 376410 0305a064cb99e0c8a6946c8f33fcdc0c
Size/MD5 checksum: 371218 7dea62489269317b588df637e5b40298

sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 607994 05807466ad228e965b60daeaeb8b3738
Size/MD5 checksum: 368582 6dec11c8f07deb83622632e99875d601
Size/MD5 checksum: 335440 51a7f16483360f834f19577def32198f

Debian 3.0 (stable)
- -------------------

Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:
Size/MD5 checksum: 639 0a65835e20faaba4f351b34330b7aa2c
Size/MD5 checksum: 31430 d7ff2bae2f2233c0a6588fbea3dd9964
Size/MD5 checksum: 2713120 847ba93d1ac71b94560c002c9f730100

Architecture independent packages:
Size/MD5 checksum: 1290726 0634671f5432f7a8c348e9624e64d349

alpha architecture (DEC Alpha)
Size/MD5 checksum: 999188 f2b729eb9f85b55d8a71db3e44db825a
Size/MD5 checksum: 509272 402cd93961d836a8e4cf491655ae0a29

arm architecture (ARM)
Size/MD5 checksum: 826484 2a2abd103a460071f380ac501de6ee63
Size/MD5 checksum: 426982 657a181d3781da2db5e434c1199c7628

hppa architecture (HP PA RISC)
Size/MD5 checksum: 921372 6193f53e7d6f676ab306ffb81b4df10d
Size/MD5 checksum: 475096 a948f910047cbad89d1c7ff26faacfae

i386 architecture (Intel ia32)
Size/MD5 checksum: 381878 12c0435300e4a879037895d3bb7f2ddc
Size/MD5 checksum: 793562 27e5c151a7acda692fc332f4db9ce218

ia64 architecture (Intel ia64)
Size/MD5 checksum: 1285738 5a72e98954d09e5cf3c5caaaf05f5f34
Size/MD5 checksum: 575798 bfc630343fc7a88f5ce005e387ee9639

m68k architecture (Motorola Mc680x0)
Size/MD5 checksum: 362654 c6712c1d7f17daab556dbfe4a1823b99
Size/MD5 checksum: 720556 67e91d9890a14be213407ecc8c993bab

mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 926866 c76bc7407b6c67b507ab5cd33a4618e1
Size/MD5 checksum: 469762 75e3f4d14f742fa2fb44e0d4c9b7623d

mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 934246 c00972ae586cfd8a4475a932a35ca04a
Size/MD5 checksum: 470648 6271291263bfbfb4e14733d02c560fa0

powerpc architecture (PowerPC)
Size/MD5 checksum: 451604 b9459ac7c9554f0276bef06762257785
Size/MD5 checksum: 851852 85e204bc94b1a0bb2fd02c0d4717400a

s390 architecture (IBM S/390)
Size/MD5 checksum: 797738 101ec9c552bcf99618a08abb07209406
Size/MD5 checksum: 387006 3ba683f9d05c411897432aee90566024

sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 408732 e4463b87c64a6d08863c470e757a6dd2
Size/MD5 checksum: 839566 b42c13cdc206437eb3a5353d86e34201

These files will probably be moved into the stable distribution on
its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show ' and;
Version: GnuPG v1.2.1 (GNU/Linux)


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »