Bug 25209 - Vulnerabilities in BIND 4 and 8
Summary: Vulnerabilities in BIND 4 and 8
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bind
Version: 7.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: David Lawrence
URL:
Whiteboard:
: 25186 25220 25221 25312 25313 25331 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-01-29 19:11 UTC by Ricardo Ariel Gorosito
Modified: 2007-04-18 16:30 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-01-29 22:44:59 UTC
Embargoed:

Attachments (Terms of Use)

Description Ricardo Ariel Gorosito 2001-01-29 19:11:04 UTC 
Network Associates, Inc. report in bugtraq:
...
o Synopsis

BIND 8 contains a buffer overflow that allows a remote attacker to
execute arbitrary code. The overflow is in the initial processing of
a DNS request and therefore does not require an attacker to control
an authoritative DNS server.  In addition, the vulnerability is not
dependent upon configuration options and affects both recursive and
non-recursive servers.  This vulnerability has been designated as
CVE candidate CAN-2001-10.

RISK FACTOR: HIGH
...
o Vulnerable Systems

BIND 8 versions: 8.2, 8.2.1
                 8.2.2 through to 8.2.2-P7
                 8.2.3-T1A through to 8.2.3-T9B

BIND 4 versions: buffer overflow - 4.9.5 through to 4.9.7
                 format string   - 4.9.3 through to 4.9.5-P1
Comment 1 Bernhard Rosenkraenzer 2001-01-29 19:19:42 UTC 
I've fixed this last Saturday, the packages are waiting for QA approval.

In the mean time, you can get them at
	http://www.linux-easy.com/rh-updates/
Comment 2 Bernhard Rosenkraenzer 2001-01-29 19:19:59 UTC 
*** Bug 25186 has been marked as a duplicate of this bug. ***
Comment 3 Bernhard Rosenkraenzer 2001-01-29 21:09:38 UTC 
*** Bug 25221 has been marked as a duplicate of this bug. ***
Comment 4 Bernhard Rosenkraenzer 2001-01-29 21:10:05 UTC 
*** Bug 25220 has been marked as a duplicate of this bug. ***
Comment 5 Bernhard Rosenkraenzer 2001-01-29 22:44:56 UTC 
*** Bug 25230 has been marked as a duplicate of this bug. ***
Comment 6 Bernhard Rosenkraenzer 2001-01-29 22:45:24 UTC 
Errata released.
Comment 7 Bernhard Rosenkraenzer 2001-01-30 18:00:16 UTC 
*** Bug 25312 has been marked as a duplicate of this bug. ***
Comment 8 Bernhard Rosenkraenzer 2001-01-30 18:40:23 UTC 
*** Bug 25313 has been marked as a duplicate of this bug. ***
Comment 9 Bernhard Rosenkraenzer 2001-01-30 20:35:50 UTC 
*** Bug 25331 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.