Bug 25209

Summary: Vulnerabilities in BIND 4 and 8
Product: [Retired] Red Hat Linux
Reporter: Ricardo Ariel Gorosito <rgorosito>
Component: bind
Assignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED ERRATA
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 7.0
CC: abacher
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-01-29 22:44:59 UTC

Description Ricardo Ariel Gorosito 2001-01-29 19:11:04 UTC
Network Associates, Inc. report in Bugtraq:
...
o Synopsis

BIND 8 contains a buffer overflow that allows a remote attacker to
execute arbitrary code. The overflow is in the initial processing of
a DNS request and therefore does not require an attacker to control
an authoritative DNS server.  In addition, the vulnerability is not
dependent upon configuration options and affects both recursive and
non-recursive servers.  This vulnerability has been designated as
CVE candidate CAN-2001-10.

RISK FACTOR: HIGH
...
o Vulnerable Systems

BIND 8 versions: 8.2, 8.2.1
                 8.2.2 through to 8.2.2-P7
                 8.2.3-T1A through to 8.2.3-T9B

BIND 4 versions: buffer overflow - 4.9.5 through to 4.9.7
                 format string   - 4.9.3 through to 4.9.5-P1
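
A version check against the "Vulnerable Systems" list above, as an added example that is not part of the bug report or the quoted advisory. The function names and the suffix ordering ("-T" test releases before the plain release, "-P" patch levels after it) are assumptions of this example.

```python
import re

# Assumed stage order: "-T" test releases precede the plain (or "-REL")
# release, "-P" patch levels follow it.
STAGE = {"T": -1, "": 0, "REL": 0, "P": 1}
VERSION_RE = re.compile(r"^(\d+(?:\.\d+){1,2})(?:-([A-Za-z]+)(\d*)([A-Za-z]*))?$")


def version_key(version):
    """Turn a BIND version string such as '8.2.2-P7' into a sortable tuple."""
    m = VERSION_RE.match(version.strip())
    if not m or (m.group(2) or "").upper() not in STAGE:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # '8.2' sorts as 8.2.0
    stage = STAGE[(m.group(2) or "").upper()]
    return (tuple(nums), stage, int(m.group(3) or 0), (m.group(4) or "").upper())


# (lowest, highest, issue), transcribed from the list in the description.
# 8.2 and 8.2.1 are listed there as individual versions, not as a range.
VULNERABLE = [
    ("8.2", "8.2", "BIND 8 buffer overflow"),
    ("8.2.1", "8.2.1", "BIND 8 buffer overflow"),
    ("8.2.2", "8.2.2-P7", "BIND 8 buffer overflow"),
    ("8.2.3-T1A", "8.2.3-T9B", "BIND 8 buffer overflow"),
    ("4.9.5", "4.9.7", "BIND 4 buffer overflow"),
    ("4.9.3", "4.9.5-P1", "BIND 4 format string"),
]


def listed_issues(version):
    """Return the issues whose listed range contains `version`, in list order."""
    key = version_key(version)
    return [issue for low, high, issue in VULNERABLE
            if version_key(low) <= key <= version_key(high)]


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the bug report.
    for v in ["8.2.2-P5", "8.2.3-T6B", "8.2.3", "4.9.5", "4.9.4"]:
        print(v, listed_issues(v) or "not in the listed ranges")
```

An empty result only means the version is outside the ranges quoted in this report.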

Comment 1 Bernhard Rosenkraenzer 2001-01-29 19:19:42 UTC
I fixed this last Saturday; the packages are waiting for QA approval.

In the meantime, you can get them at
http://www.linux-easy.com/rh-updates/

Comment 2 Bernhard Rosenkraenzer 2001-01-29 19:19:59 UTC
*** Bug 25186 has been marked as a duplicate of this bug. ***

Comment 3 Bernhard Rosenkraenzer 2001-01-29 21:09:38 UTC
*** Bug 25221 has been marked as a duplicate of this bug. ***

Comment 4 Bernhard Rosenkraenzer 2001-01-29 21:10:05 UTC
*** Bug 25220 has been marked as a duplicate of this bug. ***

Comment 5 Bernhard Rosenkraenzer 2001-01-29 22:44:56 UTC
*** Bug 25230 has been marked as a duplicate of this bug. ***

Comment 6 Bernhard Rosenkraenzer 2001-01-29 22:45:24 UTC
Errata released.


Comment 7 Bernhard Rosenkraenzer 2001-01-30 18:00:16 UTC
*** Bug 25312 has been marked as a duplicate of this bug. ***

Comment 8 Bernhard Rosenkraenzer 2001-01-30 18:40:23 UTC
*** Bug 25313 has been marked as a duplicate of this bug. ***

Comment 9 Bernhard Rosenkraenzer 2001-01-30 20:35:50 UTC
*** Bug 25331 has been marked as a duplicate of this bug. ***