____________________________________________________________________________

Caldera International, Inc. Security Advisory

Subject:          Linux: buffer overflow in multiple DNS resolver libraries
Advisory number:  CSSA-2002-034.0
Issue date:       2002 August 05
Cross reference:
____________________________________________________________________________

1. Problem Description

   From CERT CA-2002-19: A buffer overflow vulnerability exists in
   multiple implementations of DNS resolver libraries. Operating
   systems and applications that utilize vulnerable DNS resolver
   libraries may be affected. A remote attacker who is able to send
   malicious DNS responses could potentially exploit this
   vulnerability to execute arbitrary code or cause a denial of
   service on a vulnerable system.

2. Vulnerable Supported Versions

   System                        Package
   ----------------------------------------------------------------------
   OpenLinux 3.1.1 Server        prior to bind-8.3.3-1.i386.rpm
                                 prior to bind-doc-8.3.3-1.i386.rpm
                                 prior to bind-utils-8.3.3-1.i386.rpm
                                 prior to

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/RPMS

   4.2 Packages

   c4175dab7596a7e20540b548a9245351  bind-8.3.3-1.i386.rpm
   0492168645952a0c3331a8550a955b98  bind-doc-8.3.3-1.i386.rpm
   bb21f7d71544b7d30a45ad052a16f61b  bind-utils-8.3.3-1.i386.rpm
   3981b760212d84b07f3ada0b6f640ae7

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-034.0/SRPMS

   4.5 Source Packages

   2c0e5c37e7ce156e2248e9fffaa8406c

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/RPMS

   5.2 Packages

   63aa5ba585097c12a57a095aee7c1581  bind-8.3.3-1.i386.rpm
   85f08cbe9ac9b76bca6ca701e57c0a88  bind-doc-8.3.3-1.i386.rpm
   c09ace86a9e096024cb97aad1e253531  bind-utils-8.3.3-1.i386.rpm
   cf8a07b46703849238b53e3af6b5b310

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-034.0/SRPMS

   5.5 Source Packages

   c7987406a635360bb39246e9bc850700

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/RPMS

   6.2 Packages

   97310a145a1fac4fffc960feab323cc4  bind-8.3.3-1.i386.rpm
   8a0d3c316ec29647540aa2a0b6792dfc  bind-doc-8.3.3-1.i386.rpm
   962f50faaa4b324c95c82be85bdf711c  bind-utils-8.3.3-1.i386.rpm
   ae5ac1338fd90a7e65ccd0fa707d55e3

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-034.0/SRPMS

   6.5 Source Packages

   1d49abc211068aedd550d8b82837c6c4

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/RPMS

   7.2 Packages

   06f426cfbffc0282216aedab4c235abb  bind-8.3.3-1.i386.rpm
   a069730960a6b3bb19aacfaa020f1625  bind-doc-8.3.3-1.i386.rpm
   9a6a47c0040f3fdf89885d4f7b95fd32  bind-utils-8.3.3-1.i386.rpm
   a75a8f74a263b5290f697609439084cf

   ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-034.0/SRPMS

   7.5 Source Packages

   96f2c68732c563df08a69f14fbb9ecdb

   http://www.cert.org/advisories/CA-2002-19.html
   http://www.kb.cert.org/vuls/id/803539
   http://www.kb.cert.org/vuls/id/542971
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0651
   http://www.isc.org/products/BIND/bind-security.html

   Caldera security resources:
   http://www.caldera.com/support/security/index.html

   This security fix closes Caldera incidents sr866552, fz521492,
   erg501623.

9. Disclaimer

   Caldera International, Inc. is not responsible for the misuse of
   any of the information we provide on this website and/or through
   our security advisories. Our advisories are a service to our
   customers intended to promote secure installation and use of
   Caldera products.

10. Acknowledgements

   Caldera wishes to thank the CERT Coordination Center, Joost Pol of
   PINE-CERT, the FreeBSD Project, and the NetBSD Project for
   information used in this document.
Caldera Linux Advisory: DNS resolver libraries