Caldera Systems Security Advisory: BIND buffer overflow
Jan 30, 2001, 23:21

Date: Mon, 29 Jan 2001 13:23:08 -0700

Caldera Systems, Inc. Security Advisory

Subject:          BIND buffer overflow
Advisory number:  CSSA-2001-008.0
Issue date:       2001 January, 29
Cross reference:

1. Problem Description

Several security problems have been discovered in the most recent versions of BINDv8 (8.2.2p7). One of them is a buffer overflow that can potentially be exploited to execute arbitrary code with the privileges of the account named runs under: the bind user where the server has been dropped to one, root otherwise (see section 3; only eDesktop 2.4 drops privileges by default).

If you do not run the BIND named server, you are not affected by this problem.

2. Vulnerable Versions

System                                   Package
OpenLinux 2.3                            All packages previous to bind-8.2.3
OpenLinux eServer 2.3.1 and              All packages previous to bind-8.2.3
OpenLinux eBuilder
OpenLinux eDesktop 2.4                   All packages previous to bind-8.2.3

3. Solution

Workaround: none

The proper solution is to upgrade to the latest packages.

As a matter of caution, we also suggest that you run the name server process under a non-root user ID. In case of future security holes in bind, this makes sure that remote attackers do not immediately obtain root access.

Be warned however that when running the name server process under a non-root uid it loses the ability to automatically re-bind itself when you change the address of a network interface, or create a new one. If you do that, you need to manually restart named.

On eDesktop 2.4, named already runs under the "bind" account by default; this is not the case on OpenLinux 2.3 and eServer 2.3.1, however.

Here's what to do:

a. Create a new user and group named `bind'. Pick an unused user and group ID (on a normal OpenLinux installation, uid and gid 19 should be available). Run the following commands as super user, replacing <uid> and <gid> by the user and group IDs you selected:

   # groupadd -g <gid> bind
   # useradd -u <uid> -g <gid> -d / -s /bin/false bind

b. Change the ownership of /var/named to bind.bind:

   # chown -R bind.bind /var/named

c. Edit /etc/sysconfig/daemons/named. Replace the line

   OPTIONS=""

   with

   OPTIONS="-u bind"

   This makes sure that the name server process relinquishes root privilege after initialization.

d. Stop and restart your name server:

   # /etc/rc.d/init.d/named stop
   # /etc/rc.d/init.d/named start

   Note that simply issuing /etc/rc.d/init.d/named restart will not be enough!

4. OpenLinux 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:
   ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:
   ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

   01f9c6b514ab5aa70c3fe200c0c97243  RPMS/bind-8.2.3-1.i386.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

   rpm -Fhv bind-*i386.rpm
   /etc/rc.d/init.d/named stop
   /etc/rc.d/init.d/named start

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:
   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:
   ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

   f454346c9bf531d6e9aa014d2be93e99  RPMS/bind-8.2.3-1.i386.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

   rpm -Fvh bind-*i386.rpm
   /etc/rc.d/init.d/named stop
   /etc/rc.d/init.d/named start

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:
   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:
   ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

   acd707632ae0e33432b5d37862265517  RPMS/bind-8.2.3-1.i386.rpm

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

   rpm -Fvh bind-*i386.rpm
   /etc/rc.d/init.d/named stop
   /etc/rc.d/init.d/named start

7. References

This and other Caldera security resources are located at:
   http://www.calderasystems.com/support/security/index.html

Additional information on this bug can be found at
   http://www.cert.org/advisories/CA-2001-02.html

This security fix closes Caldera's internal Problem Report 8942.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera OpenLinux.
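The privilege-drop procedure in section 3 (steps a through d) and the checksum check in sections 4.2, 5.2 and 6.2, gathered into one script. This is an added example and not Caldera's own code: it assumes the paths the advisory names (/etc/sysconfig/daemons/named, /var/named, /etc/rc.d/init.d/named), defaults the uid and gid to 19 as the advisory suggests, and the function names set_named_user, verify_md5 and harden_named are my own. The config edit and the checksum check take file paths as arguments so they can be tried on a copy before touching the live system.

```shell
#!/bin/sh
# Added example (not Caldera's script): drop named to an unprivileged 'bind'
# account on OpenLinux 2.3 / eServer 2.3.1, following steps a-d of CSSA-2001-008.0.

# Step c: rewrite OPTIONS="" to OPTIONS="-u <user>" in the daemon config.
# Takes the file path so it can be exercised on a copy. Idempotent: a file
# that already carries "-u <user>" is left untouched; a file with no
# OPTIONS="" line is refused rather than guessed at.
set_named_user() {
    cfg="$1"; user="${2:-bind}"
    if grep -q "^OPTIONS=\"-u $user\"" "$cfg"; then
        return 0
    fi
    if ! grep -q '^OPTIONS=""' "$cfg"; then
        echo "no OPTIONS=\"\" line in $cfg; edit it by hand" >&2
        return 1
    fi
    # Write through a sibling file, then copy back so the original's mode
    # and ownership are preserved.
    sed "s/^OPTIONS=\"\"/OPTIONS=\"-u $user\"/" "$cfg" > "$cfg.new" \
        && cat "$cfg.new" > "$cfg" && rm -f "$cfg.new"
}

# Sections 4.2/5.2/6.2: compare a downloaded package against the MD5 the
# advisory prints before handing it to rpm. Returns non-zero on mismatch.
verify_md5() {
    file="$1"; expected="$2"
    actual=$(md5sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Steps a, b, c, d together. Run as root on the real host; the account is
# only created if it does not already exist. BIND_UID/BIND_GID override
# the advisory's suggested 19/19 if those IDs are taken on your system.
harden_named() {
    uid="${BIND_UID:-19}"; gid="${BIND_GID:-19}"
    grep -q '^bind:' /etc/group  || groupadd -g "$gid" bind
    grep -q '^bind:' /etc/passwd || useradd -u "$uid" -g "$gid" -d / -s /bin/false bind
    chown -R bind:bind /var/named
    set_named_user /etc/sysconfig/daemons/named bind || return 1
    # Explicit stop then start: the advisory warns that "restart" is not enough.
    /etc/rc.d/init.d/named stop
    /etc/rc.d/init.d/named start
}

# Typical use on the live box (the checksum is the one printed for OpenLinux 2.3):
#   verify_md5 bind-8.2.3-1.i386.rpm 01f9c6b514ab5aa70c3fe200c0c97243 \
#       && rpm -Fhv bind-8.2.3-1.i386.rpm && harden_named
```

After harden_named returns, confirm the drop actually happened with ps (the named process should be owned by bind, not root); if it is still root, the OPTIONS line was not picked up and the init script should be checked by hand.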