Date: Wed, 31 Jan 2001 02:18:25 +0100
From: Roman Drahtmueller draht@SUSE.DE
Subject: SuSE Security Announcement: bind8 (SuSE-SA:2001:03)
SuSE Security Announcement
Date: Tuesday, January 30th, 2000 23:40 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
Vulnerability Type: remote root compromise
Severity (1-10): 9
SuSE default package: no
Other affected systems: all systems using bind, versions before
Content of this advisory:
1) security vulnerability resolved: bind8
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade
bind-8.x in all versions of the SuSE distributions contains a bug
in the transaction signature handling code that can allow an attacker to
remotely overflow a buffer and thereby execute arbitrary code as
the user running the nameserver (this is the user "named" by default on
SuSE systems). In addition to this bug, another problem allows
a remote attacker to collect information about the running bind
process (this was found by Claudio Musmarra). For more
information on these bugs, please visit the CERT webpage at
and the bind bugs webpage at http://www.isc.org/products/BIND/bind-security.html
The problem exists in the upcoming SuSE distribution 7.1
that will be available by February 10th in the CD/DVD version.
There is no reasonable method to circumvent the problems
other than to update the package as described below.
Please choose the update package for your distribution from the
URLs listed below and download the necessary rpm files. Then,
install the package using the command `rpm -Uhv file.rpm´.
rpm packages have an internal md5 checksum that protects against
file corruption. You can verify this checksum using the command
(independently from the md5 signatures below)
`rpm --checksig --nogpg file.rpm´.
The md5 sums under each package are to prove the package
authenticity, independently from the md5 checksums in the rpm
SPECIAL INSTALL INSTRUCTIONS:
If you run a bind8 nameserver on your system, please update the
package immediately. In order for the updated package to become
active, the nameserver process "named" needs to be restarted. Do
this using the command `rcnamed restart´
as root after performing the rpm command as shown above.
Afterwards, check for the running daemon using the ps command as
`ps aux´. The named process should show a new starting time.
Repeat the `rcnamed restart´ command if the nameserver shut
down too slowly to release the socket for the new server.
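
The update steps above, chained into one script so that a checksum mismatch stops the install and the restart is confirmed by a changed start time. This is an added example, not part of the SuSE advisory; the function names are hypothetical, and it assumes md5sum and a procps `ps` (for `-C` and `lstart`) are installed.

```shell
# Added example. Function names are hypothetical; the package file name and
# md5 value passed in are whatever the advisory lists for your distribution.

# md5_matches FILE MD5: succeed only if FILE hashes to the published sum.
md5_matches() {
    [ -r "$1" ] || return 2
    actual=$(md5sum < "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# named_start: print the start time of the first running named process
# (empty output if none is running).
named_start() {
    ps -C named -o lstart= 2>/dev/null | head -n 1
}

# was_restarted OLD NEW: succeed only if named is running (NEW non-empty)
# and its start time differs from the one recorded before the update.
was_restarted() {
    [ -n "$2" ] && [ "$1" != "$2" ]
}

# update_bind8 FILE MD5: the advisory's steps in order, run as root.
update_bind8() {
    md5_matches "$1" "$2" || { echo "md5 mismatch: $1 not installed" >&2; return 1; }
    rpm --checksig --nogpg "$1" || return 1
    before=$(named_start)
    rpm -Uhv "$1" || return 1
    # Restart, and repeat once if the old server was slow to release the socket.
    for attempt in 1 2; do
        rcnamed restart
        sleep 3
        was_restarted "$before" "$(named_start)" && return 0
    done
    echo "named did not come back with a new start time" >&2
    return 1
}
```

Call it as `update_bind8 file.rpm <md5 from the advisory>`; a non-zero exit means the package was not installed or named is not running with a new start time.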
Due to build bottlenecks, the update package for the sparc platform
(SuSE-7.0 distribution) is delayed.
2) Pending vulnerabilities in SuSE Distributions and
SuSE distributions contain the bind nameserver in Version 4 as
well. bind-4.x in the currently used version has security-related
bugs, some of which are similar to the ones in the 8.x versions. We
will provide update packages as well as an announcement for the
bind (not bind8) package shortly, along with an own
3) standard appendix:
SuSE runs two security mailing lists to which any interested
party may subscribe: