SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BIND Vendors:   ISC (Internet Software Consortium)
(SCO Issues Fix for UnixWare) BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions
SecurityTracker Alert ID:  1008361
SecurityTracker URL:  http://securitytracker.com/id/1008361
CVE Reference:   CVE-2003-0914   (Links to External Site)
Date:  Dec 2 2003
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.4.2 and prior versions
Description:   A vulnerability was reported in BIND 8. A remote user can introduce invalid DNS records to cause denial of service conditions.

It is reported that a remote user can conduct a cache poisoning attack by causing the target server to retain invalid negative responses. A temporary denial of service may occur until the invalid record expires from the cache.

No further details were provided.

Impact:   A remote user can cause denial of service conditions.
Solution:   SCO has issued a fix for UnixWare 7.1.1. UnixWare 7.1.3 and Open UNIX 8.0.0 are reportedly not affected (as they ship with BIND 9).

UnixWare 7.1.1:

Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33

The verification checksum is:

MD5 (erg712479.Z) = c1faea2a6a1da952e88c5123f88a2f89

Vendor URL:  isc.org/products/BIND/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7.1.1

Message History:   This archive entry is a follow-up to the message listed below.
Nov 27 2003 BIND 8 Negative Cache Poisoning May Cause Denial of Service Conditions



 Source Message Contents

Subject:  [Full-Disclosure] UnixWare 7.1.1 : Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2



To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.1 : Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2
Advisory number: 	CSSA-2003-SCO.33
Issue date: 		2003 December 01
Cross reference: 	sr886768 fz528464 erg712479 CAN-2003-0914
______________________________________________________________________________


1. Problem Description

	 UnixWare 7.1.3 is unaffected by this issue because the
	 version of bind included in UnixWare 7.1.3 is 9.2.1. 

	 Open UNIX is also unaffected by this issue because the version
	 of bind in Open UNIX 8.0.0 is 9.1.0. 

	 CERT/CC Incident Note VU#734644 

	 BIND is an implementation of the Domain Name System (DNS) 
	 protocols. Successful exploitation of this vulnerability 
	 may result in a temporary denial of service.

	 The Common Vulnerabilities and Exposures project (cve.mitre.org)
	 has assigned the name CAN-2003-0914 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.1 			/usr/sbin/addr
					/usr/sbin/dig
					/usr/sbin/dnskeygen
					/usr/sbin/dnsquery
					/usr/sbin/host
					/usr/sbin/in.named
					/usr/sbin/irpd
					/usr/sbin/mkservdb
					/usr/sbin/named-bootconf
					/usr/sbin/named-bootconf.pl
					/usr/sbin/named-xfer
					/usr/sbin/ndc
					/usr/sbin/nslookup
					/usr/sbin/nsupdate

3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.1

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33


	4.2 Verification

	MD5 (erg712479.Z) = c1faea2a6a1da952e88c5123f88a2f89

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Unknown installation method


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr886768 fz528464
	erg712479.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/y8gZaqoBO7ipriERAkRQAKCQ+f4Q5Etfz8L83tr/vGGRzI1kYQCgl/hK
g7YQSKd9TDnf59KkuFTbrBQ=
=XyVk
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC