SuSE Security Announcement: bind8Nov 16, 2000, 20:41 (0 Talkback[s])
(Other stories by Roman Drahtmueller)
Date: Thu, 16 Nov 2000 16:29:15 +0100 (MET)
SuSE Security Announcement Package: bind8 Announcement-ID: SuSE-SA:2000:45 Date: Thursday, November 16th, 2000 16:00 MEST Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4 Vulnerability Type: remote denial of service Severity (1-10): 7 SuSE default package: no Other affected systems: all systems using bind, version 8.2.2 before patchlevel 7 Content of this advisory: 1) security vulnerability resolved: bind8 problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade information
BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has been found vulnerable to two denial of service attacks: named may crash after a compressed zone transfer request (ZXFR) and if an SRV record (defined in RFC2782) is sent to the server. Administrators testing the ZXFR bug should be aware that it can take several seconds after the triggering the bug until the nameserver daemon crashes. SuSE versions 6.0 through 6.4 are affected by these two problems. The bind8 package in SuSE-7.0 is not affected because a different version of bind8 (8.2.3) was used in this distribution. By the release time of the SuSE-7.0 distribution our engineers have determined that the problems we had with stalling zone transfers under some obscure conditions were not present with the 8.2.3 release of the package.
Administrators are strongly recommended to upgrade their bind8 package using the provided packages from the sources below. There is a temporary fix for the ZXFR problem (disable zone transfers) but none for the SRV record problem.
For the latest information about security vulnerabilities in the bind name server consider the Internet Software Consortium bind security webpage at http://www.isc.org/products/BIND/bind-security.html .
To check if your system has the vulnerable package installed,
use the command `rpm -q ´. If applicable, please choose the
update package(s) for your distribution from the URLs listed below
and download the necessary rpm files. Then, install the package
using the command `rpm -Uhv file.rpm´. rpm packages have an
internal md5 checksum that protects against file corruption. You
can verify this checksum using the command (independently from the
md5 signatures below)
i386 Intel Platform:
SuSE-6.0 Please use the package from the 6.1 distribution.
AXP Alpha Platform:
PPC Power PC Platform:
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
A new security announcement follows this advisory.
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may subscribe:
SuSE's security contact is firstname.lastname@example.org.
- - | Roman Drahtmüller email@example.com // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -