Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » MDKSA-2002:043-bind

MDKSA-2002:043-bind

by Nikola Strahija on July 17th, 2002 A buffer overflow vulnerability exists in different implementations of the DNS resolver libraries. A remote attacker able to sent malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a DoS (Denial of Service) on a vulnerable system. The named daemon itself is not vulnerable to this problem, but this latest version of bind 8 includes fixes to the DNS resolver libraries.


References:

http://www.cert.org/advisories/CA-2002-19.html
________________________________________________________________________

Updated Packages:

Linux-Mandrake 7.1:
295235c2046dd9ad552c329b3ce98023 7.1/RPMS/bind-8.3.3-1.1mdk.i586.rpm
e43df269df301b4025ccea2b7fc4fdb1 7.1/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm
ee0d687da7dc5c11f955e50074e60817 7.1/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm
b1c2e58c7e36cb710211bede608d550d 7.1/SRPMS/bind-8.3.3-1.1mdk.src.rpm

Linux-Mandrake 7.2:
85334842b02275f9ebea86821a9f4300 7.2/RPMS/bind-8.3.3-1.1mdk.i586.rpm
47e4c8afba3147f8035d8579d98764a1 7.2/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm
9f0803a609e9a734182850f966085ba3 7.2/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm
b1c2e58c7e36cb710211bede608d550d 7.2/SRPMS/bind-8.3.3-1.1mdk.src.rpm

Corporate Server 1.0.1:
295235c2046dd9ad552c329b3ce98023 1.0.1/RPMS/bind-8.3.3-1.1mdk.i586.rpm
e43df269df301b4025ccea2b7fc4fdb1 1.0.1/RPMS/bind-devel-8.3.3-1.1mdk.i586.rpm
ee0d687da7dc5c11f955e50074e60817 1.0.1/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm
b1c2e58c7e36cb710211bede608d550d 1.0.1/SRPMS/bind-8.3.3-1.1mdk.src.rpm

Single Network Firewall 7.2:
85334842b02275f9ebea86821a9f4300 snf7.2/RPMS/bind-8.3.3-1.1mdk.i586.rpm
9f0803a609e9a734182850f966085ba3 snf7.2/RPMS/bind-utils-8.3.3-1.1mdk.i586.rpm
b1c2e58c7e36cb710211bede608d550d snf7.2/SRPMS/bind-8.3.3-1.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

rpm --checksig

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:

https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

[email protected]
________________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team



- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »