Package: bind
New Version: 8.2.3-0.6.x
Reference URL: http://www.securityfocus.com/vdb/?id=2302
http://www.securityfocus.com/vdb/?id=2304
Description:
BIND is a server program that implements the domain name service
protocol. It is in extremely wide use on the Internet. Versions 8.2
and above of BIND contain a ‘single byte’ stack overflow that may
be exploitable by remote attackers.
The vulnerability is present when BIND receives queries via the
UDP transport protocol. When a query is received, it is read from
the datagram into a local buffer on the stack and then processed.
This buffer is 512 bytes in length, the maximum amount of
information that can be sent in a single UDP datagram.
When sending responses, BIND re-uses this buffer for creating
the response. As BIND processes the request, it appends data to the
DNS response (in the local buffer). The length of the DNS message
and the number of bytes that can still be written are tracked
using two variables.
When a transaction signature is included in the query, BIND
skips normal processing of the request and attempts to verify the
signature. If the signature is invalid, a TSIG response is appended
to a location in memory that BIND thinks is the end of the message
(based on the two variables described above). Unfortunately, since
BIND has not processed the message normally, this location is far
from where it should be. This can result in the TSIG response being
written partially over the executing function’s stack frame.
The TSIG response consists of fixed values, including zero-value
bytes. If the least significant byte of the saved base pointer in
the stack frame is overwritten (with a zero, for example), it could
end up referencing memory under the control of the attacker.
If this happens, the attacker has control over the stack frame
of the calling function. An arbitrary address supplied by the
attacker inserted within this region of memory can be referenced as
a return address when the calling function returns. If this address
points to shellcode, it will be executed with privileges of
named.
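
The following C example is added here for illustration; it is not BIND's source code and is not part of the original advisory. It models the shared 512-byte buffer and the two tracking variables described above, and shows an append routine that refuses to write when those variables no longer agree with the real buffer size. The struct, field and function names are hypothetical, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PKT_MAX 512 /* buffer size stated in the advisory */

/* Hypothetical model: the shared buffer plus the two tracking variables. */
struct resp {
    unsigned char buf[PKT_MAX];
    size_t msglen; /* bytes of message the code believes are in buf */
    size_t avail;  /* bytes the code believes it may still write */
};

/* Append rec at the tracked end of the message, but only when the tracking
 * variables agree with the real buffer size. Returns 0, or -1 if refused. */
int resp_append(struct resp *r, const unsigned char *rec, size_t reclen)
{
    if (r->msglen > PKT_MAX)            /* tracked end lies outside buf */
        return -1;
    if (r->avail > PKT_MAX - r->msglen) /* stale "space left" value */
        return -1;
    if (reclen > r->avail)              /* record does not fit */
        return -1;
    memcpy(r->buf + r->msglen, rec, reclen);
    r->msglen += reclen;
    r->avail -= reclen;
    return 0;
}

/* Run one constructed case: set the tracking variables, append reclen
 * zero-value bytes (at most 64), and return the result. */
int try_append(size_t msglen, size_t avail, size_t reclen)
{
    static const unsigned char rec[64]; /* constructed fixed-value record */
    struct resp r;
    memset(&r, 0, sizeof r);
    r.msglen = msglen;
    r.avail = avail;
    return resp_append(&r, rec, reclen > sizeof rec ? sizeof rec : reclen);
}

int main(void)
{
    printf("consistent state: %d\n", try_append(100, 412, 26));
    printf("stale space left: %d\n", try_append(500, 412, 26));
    printf("record too large: %d\n", try_append(500, 12, 26));
    return 0;
}
```
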
Download (Binaries):
bind-8.2.3-0.6.x.ppc.rpm
bind-devel-8.2.3-0.6.x.ppc.rpm
bind-utils-8.2.3-0.6.x.ppc.rpm
Download (Source):
bind-8.2.3-0.6.x.src.rpm
MD5 Checksums:
c79f635c632470923460d439bd0bc7c8 bind-8.2.3-0.6.x.ppc.rpm
8b88db66f43c0324d83770bb6e4c17c9 bind-8.2.3-0.6.x.src.rpm
0e38b579f5363708cb45ae03061cb5d3 bind-devel-8.2.3-0.6.x.ppc.rpm
6bd8ef3b54cbc0cde3442d79d4715246 bind-utils-8.2.3-0.6.x.ppc.rpm
Instructions: To update your packages, use
    rpm -Fvh filename
for each RPM.
To verify each RPM, use
    rpm --checksig filename
LinuxPPC.org’s GPG key may be found here.
To resolve any package dependencies, please see rpmfind.net
Questions should be directed to jvagle@linuxppc.org