---

Caldera Linux Advisory: DNS resolver libraries

____________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: buffer overflow in multiple DNS resolver libraries
Advisory number:        CSSA-2002-034.0
Issue date:             2002 August 05
Cross reference:
____________________________________________________________________________


1. Problem Description

        From CERT CA-2002-19: A buffer overflow vulnerability exists in
        multiple implementations of DNS resolver libraries. Operating
        systems and applications that utilize vulnerable DNS resolver
        libraries may be affected. A remote attacker who is able to
        send malicious DNS responses could potentially exploit this
        vulnerability to execute arbitrary code or cause a denial of
        service on a vulnerable system.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to bind-8.3.3-1.i386.rpm
                                        prior to bind-doc-8.3.3-1.i386.rpm
                                        prior to bind-utils-8.3.3-1.i386.rpm
                                        prior to ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/RPMS

        4.2 Packages

        c4175dab7596a7e20540b548a9245351        bind-8.3.3-1.i386.rpm
        0492168645952a0c3331a8550a955b98        bind-doc-8.3.3-1.i386.rpm
        bb21f7d71544b7d30a45ad052a16f61b        bind-utils-8.3.3-1.i386.rpm
        3981b760212d84b07f3ada0b6f640ae7        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/SRPMS

        4.5 Source Packages

        2c0e5c37e7ce156e2248e9fffaa8406c        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/RPMS

        5.2 Packages

        63aa5ba585097c12a57a095aee7c1581        bind-8.3.3-1.i386.rpm
        85f08cbe9ac9b76bca6ca701e57c0a88        bind-doc-8.3.3-1.i386.rpm
        c09ace86a9e096024cb97aad1e253531        bind-utils-8.3.3-1.i386.rpm
        cf8a07b46703849238b53e3af6b5b310        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/SRPMS

        5.5 Source Packages

        c7987406a635360bb39246e9bc850700        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/RPMS

        6.2 Packages

        97310a145a1fac4fffc960feab323cc4        bind-8.3.3-1.i386.rpm
        8a0d3c316ec29647540aa2a0b6792dfc        bind-doc-8.3.3-1.i386.rpm
        962f50faaa4b324c95c82be85bdf711c        bind-utils-8.3.3-1.i386.rpm
        ae5ac1338fd90a7e65ccd0fa707d55e3        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/SRPMS

        6.5 Source Packages

        1d49abc211068aedd550d8b82837c6c4        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/RPMS

        7.2 Packages

        06f426cfbffc0282216aedab4c235abb        bind-8.3.3-1.i386.rpm
        a069730960a6b3bb19aacfaa020f1625        bind-doc-8.3.3-1.i386.rpm
        9a6a47c0040f3fdf89885d4f7b95fd32        bind-utils-8.3.3-1.i386.rpm
        a75a8f74a263b5290f697609439084cf        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/SRPMS

        7.5 Source Packages

        96f2c68732c563df08a69f14fbb9ecdb        http://www.cert.org/advisories/CA-2002-19.html
                http://www.kb.cert.org/vuls/id/803539
                http://www.kb.cert.org/vuls/id/542971
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
                http://www.isc.org/products/BIND/bind-security.html

        Caldera security resources:

                http://www.caldera.com/support/security/index.html

        This security fix closes Caldera incidents sr866552, fz521492,
        erg501623.


9. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


10. Acknowledgements

        Caldera wishes to thank the CERT Coordination Center, Joost
        Pol of PINE-CERT, the FreeBSD Project, and the NetBSD Project
        for information used in this document.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis