This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 25209 - Vulnerabilities in BIND 4 and 8
Vulnerabilities in BIND 4 and 8
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: bind (Show other bugs)
7.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
: Security
: 25186 25220 25221 25312 25313 25331 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-29 14:11 EST by Ricardo Ariel Gorosito
Modified: 2007-04-18 12:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-29 17:44:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Ricardo Ariel Gorosito 2001-01-29 14:11:04 EST
Network Associates, Inc. report in bugtraq:
...
o Synopsis

BIND 8 contains a buffer overflow that allows a remote attacker to
execute arbitrary code. The overflow is in the initial processing of
a DNS request and therefore does not require an attacker to control
an authoritative DNS server.  In addition, the vulnerability is not
dependent upon configuration options and affects both recursive and
non-recursive servers.  This vulnerability has been designated as
CVE candidate CAN-2001-10.

RISK FACTOR: HIGH
...
o Vulnerable Systems

BIND 8 versions: 8.2, 8.2.1
                 8.2.2 through to 8.2.2-P7
                 8.2.3-T1A through to 8.2.3-T9B

BIND 4 versions: buffer overflow - 4.9.5 through to 4.9.7
                 format string   - 4.9.3 through to 4.9.5-P1
Comment 1 Bernhard Rosenkraenzer 2001-01-29 14:19:42 EST
I've fixed this last Saturday, the packages are waiting for QA approval.

In the mean time, you can get them at
	http://www.linux-easy.com/rh-updates/

Comment 2 Bernhard Rosenkraenzer 2001-01-29 14:19:59 EST
*** Bug 25186 has been marked as a duplicate of this bug. ***
Comment 3 Bernhard Rosenkraenzer 2001-01-29 16:09:38 EST
*** Bug 25221 has been marked as a duplicate of this bug. ***
Comment 4 Bernhard Rosenkraenzer 2001-01-29 16:10:05 EST
*** Bug 25220 has been marked as a duplicate of this bug. ***
Comment 5 Bernhard Rosenkraenzer 2001-01-29 17:44:56 EST
*** Bug 25230 has been marked as a duplicate of this bug. ***
Comment 6 Bernhard Rosenkraenzer 2001-01-29 17:45:24 EST
Errata released.
Comment 7 Bernhard Rosenkraenzer 2001-01-30 13:00:16 EST
*** Bug 25312 has been marked as a duplicate of this bug. ***
Comment 8 Bernhard Rosenkraenzer 2001-01-30 13:40:23 EST
*** Bug 25313 has been marked as a duplicate of this bug. ***
Comment 9 Bernhard Rosenkraenzer 2001-01-30 15:35:50 EST
*** Bug 25331 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.