____________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Linux: buffer overflow in multiple DNS resolver libraries
Advisory number: CSSA-2002-034.0
Issue date: 2002 August 05
Cross reference:
____________________________________________________________________________
1. Problem Description
From CERT CA-2002-19: A buffer overflow vulnerability exists in
multiple implementations of DNS resolver libraries. Operating
systems and applications that utilize vulnerable DNS resolver
libraries may be affected. A remote attacker who is able to
send malicious DNS responses could potentially exploit this
vulnerability to execute arbitrary code or cause a denial of
service on a vulnerable system.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to bind-8.3.3-1.i386.rpm
prior to bind-doc-8.3.3-1.i386.rpm
prior to bind-utils-8.3.3-1.i386.rpm
prior to ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/RPMS
4.2 Packages
c4175dab7596a7e20540b548a9245351 bind-8.3.3-1.i386.rpm
0492168645952a0c3331a8550a955b98 bind-doc-8.3.3-1.i386.rpm
bb21f7d71544b7d30a45ad052a16f61b bind-utils-8.3.3-1.i386.rpm
3981b760212d84b07f3ada0b6f640ae7 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/SRPMS
4.5 Source Packages
2c0e5c37e7ce156e2248e9fffaa8406c ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/RPMS
5.2 Packages
63aa5ba585097c12a57a095aee7c1581 bind-8.3.3-1.i386.rpm
85f08cbe9ac9b76bca6ca701e57c0a88 bind-doc-8.3.3-1.i386.rpm
c09ace86a9e096024cb97aad1e253531 bind-utils-8.3.3-1.i386.rpm
cf8a07b46703849238b53e3af6b5b310 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/SRPMS
5.5 Source Packages
c7987406a635360bb39246e9bc850700 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/RPMS
6.2 Packages
97310a145a1fac4fffc960feab323cc4 bind-8.3.3-1.i386.rpm
8a0d3c316ec29647540aa2a0b6792dfc bind-doc-8.3.3-1.i386.rpm
962f50faaa4b324c95c82be85bdf711c bind-utils-8.3.3-1.i386.rpm
ae5ac1338fd90a7e65ccd0fa707d55e3 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/SRPMS
6.5 Source Packages
1d49abc211068aedd550d8b82837c6c4 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/RPMS
7.2 Packages
06f426cfbffc0282216aedab4c235abb bind-8.3.3-1.i386.rpm
a069730960a6b3bb19aacfaa020f1625 bind-doc-8.3.3-1.i386.rpm
9a6a47c0040f3fdf89885d4f7b95fd32 bind-utils-8.3.3-1.i386.rpm
a75a8f74a263b5290f697609439084cf ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/SRPMS
7.5 Source Packages
96f2c68732c563df08a69f14fbb9ecdb http://www.cert.org/advisories/CA-2002-19.html
http://www.kb.cert.org/vuls/id/803539
http://www.kb.cert.org/vuls/id/542971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
http://www.isc.org/products/BIND/bind-security.html
Caldera security resources:
http://www.caldera.com/support/security/index.html
This security fix closes Caldera incidents sr866552, fz521492,
erg501623.
9. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on this website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera products.
10. Acknowledgements
Caldera wishes to thank the CERT Coordination Center, Joost
Pol of PINE-CERT, the FreeBSD Project, and the NetBSD Project
for information used in this document.
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
