Red Hat Bugzilla – Bug 8403
NXT records improperly validated could lead to buffer overflow
Last modified: 2008-05-01 11:37:53 EDT
Six vulnerabilities have been found in BIND, the popular domain name server
from the Internet Software Consortium (ISC). One of these
vulnerabilities may allow remote intruders to gain privileged access to

Vulnerability #1: the "nxt bug"
Some versions of BIND fail to properly validate NXT records. This improper
validation could allow an intruder to overflow a buffer and execute
arbitrary code with the privileges of the name server.
NXT record support was introduced in BIND version 8.2. Prior versions of
BIND, including 4.x, are not vulnerable to this problem. The
ISC-supplied version of BIND corrected this problem in version 8.2.2.

Vulnerability #2: the "sig bug"
This vulnerability involves a failure to properly validate SIG records,
allowing a remote intruder to crash named; see the impact section for
SIG record support is found in multiple versions of BIND, including 4.9.5

Vulnerability #3: the "so_linger bug"
By intentionally violating the expected protocols for closing a TCP
session, remote intruders can cause named to pause for periods up to 120

Vulnerability #4: the "fdmax bug"
Remote intruders can consume more file descriptors than BIND can properly
manage, causing named to crash.

Vulnerability #5: the "maxdname bug"
Improper handling of certain data copied from the network could allow a
remote intruder to disrupt the normal operation of your name server,
possibly including a crash.

Vulnerability #6: the "naptr bug"
Some versions of BIND fail to validate zone information loaded from disk
files. In environments with unusual combinations of permissions and
protections, this could allow an intruder to crash named.

BIND 8.2.2.P5 has been released to resolve this problem - but isn't available
from RH as of yet.

We're well aware of those and released fixed packages several weeks ago.
Look at your favorite updates mirror.

Actually 8.2.2P5 *is* available from Red Hat, in Raw Hide.
8.2.2P3 (with a p4 patch applied) is available for older versions in the updates
directory on the ftp server.
8.2.2P5 does *NOT* fix any security problems, and does *NOT* have any other
important fixes 8.2.2P4 doesn't have, so there's no reason to issue yet another
update for the older versions.