Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » NetBSD 2002-029: named(8) multiple denial of service and remote execution of cod

NetBSD 2002-029: named(8) multiple denial of service and remote execution of cod

by Nikola Strahija on November 20th, 2002 Topic: named(8) multiple denial of service and remote execution of code


Version: NetBSD-current: November 15, 2002
NetBSD 1.6: affected
NetBSD-1.5.3: affected
NetBSD-1.5.2: affected
NetBSD-1.5.1: affected
NetBSD-1.5: affected
pkgsrc: bind-4.9.10 and prior, bind-8.3.3 and prior

Severity: Remote root compromise

Fixed: NetBSD-current: November 15, 2002
NetBSD-1.6 branch: November 16, 2002
NetBSD-1.5 branch: November 16, 2002
pkgsrc: bind-4.9.10nb1, bind-8.3.3nb1


Abstract
========

named(8) version 8.3.3, which is shipped with NetBSD, is vulnerable to
remote execution of malicious code, and multiple denial of service attacks.


Technical Details
=================

http://www.isc.org/products/BIND/bind-security.html
See the sections named: BIND: Remote Execution of Code"
and "BIND: Multiple Denial of Service


Solutions and Workarounds
=========================

If you are not running named(8), your system is not affected.

BIND 9 is not affected by these vulnerabilities. Upgrading to BIND 9 is
recommended. BIND 9 is available in the NetBSD Pkgsrc Collection
(pkgsrc/net/bind9).

onfiguration files differ between BIND 8 and 9. Plan such a migration
appropriately.

BIND 8 servers with recursion disabled are not vulnerable to the `BIND SIG
Cached RR Overflow Vulnerability' nor to the `BIND SIG Expiry Time DoS'.
to disable recursion, edit the BIND 8 configuration file (default path
/etc/namedb/named.conf) to add `recursion no;' and `fetch-glue no;' to
the options statement as shown:

options {
recursion no;
fetch-glue no;
/* ... other options ... */
};



The following instructions describe how to upgrade your named
binaries by updating your source tree and rebuilding and
installing a new version of named.

Be sure to restart running instance of named(8) after installation.


* NetBSD-current:

Systems running NetBSD-current dated from before 2002-11-15
should be upgraded to NetBSD-current dated 2002-11-15 or later.

The following directories need to be updated from the
netbsd-current CVS branch (aka HEAD):
dist/bind
usr.sbin/bind

To update from CVS, re-build, and re-install named:
# cd src
# cvs update -d -P dist/bind usr.sbin/bind

# cd usr.sbin/bind
# make obj dependall
# make install


* NetBSD 1.6:

Systems running NetBSD 1.6 dated from before 2002-11-16 should
be upgraded to NetBSD 1.6 dated 2002-11-16 or later.

The following directories need to be updated from the
netbsd-1-6 CVS branch:
dist/bind
usr.sbin/bind

To update from CVS, re-build, and re-install named:
# cd src
# cvs update -d -P -r netbsd-1-6 dist/bind usr.sbin/bind

# cd usr.sbin/bind
# make obj dependall
# make install


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

Systems running NetBSD 1.5, 1.5.1, 1.5.2 or 1.5.3 dated from before
2002-11-16 should be upgraded to NetBSD 1.5 dated 2002-11-16 or
later.

The following directories need to be updated from the
netbsd-1-5 CVS branch:
dist/bind
usr.sbin/bind

To update from CVS, re-build, and re-install named:
# cd src
# cvs update -d -P -r netbsd-1-5 dist/bind usr.sbin/bind

# cd usr.sbin/bind
# make obj dependall
# make install


* pkgsrc

bind-4.9.10 and prior, as well as bind-8.3.3 and prior are vulnerable.
Upgrade to bind-4.9.10nb1, or bind-8.3.3nb1 (or later).


Thanks To
=========

FreeBSD Security-Officer, for portions of the workaround text.


Revision History
===============

2002-11-20 Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-029.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA2002-029.txt,v 1.7 2002/11/19 17:09:59 david Exp $



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »