Notified: October 21, 2003 Updated: November 20, 2003
Not Affected
adns is not a nameserver and has no cache. It is not vulnerable to these kinds of problems.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 11, 2003
Affected
Mac OS X 10.3 and later: Not Vulnerable. Mac OS X 10.3 uses a later version of BIND that does not have this vulnerability. Mac OS X 10.2.x: Recommend upgrading to Mac OS X 10.2.8, then installing BIND 8.4.3 as follows: First install the Developer Tools if they are not already present, then perform the following steps from the command-line in an application such as Terminal: 1. Download BIND version 8.4.3 by executing the following command: curl -O ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz 2. Verify the integrity of this file by typing: cksum bind-src.tar.gz which should indicate "3224691664 1438439 bind-src.tar.gz" 3. Unpack the distribution as follows: tar xvzf bind-src.tar.gz 4. Now you're ready to start building the distribution. cd to the src/ directory and type "make" 5. The next step will install the new named daemon: sudo cp bin/named/named /usr/sbin/ 6. Reboot
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 27, 2003
Not Affected
Check Point products are not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Not Affected
Cray Inc. is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 01, 2003
Affected
Please see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:19.bind.asc
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 FreeBSD-SA-03:19.bind Security Advisory
The FreeBSD Project Topic: bind8 negative cache poison attack Category: contrib
Module: contrib_bind
Announced: 2003-11-28
Credits: Internet Software Consortium
Affects: FreeBSD versions through 4.9-RELEASE and 5.1-RELEASE
4-STABLE prior to the correction date
Corrected: 2003-11-28 22:13:47 UTC (RELENG_4, 4.9-STABLE)
2003-11-27 00:54:53 UTC (RELENG_5_1, 5.1-RELEASE-p11)
2003-11-27 16:54:01 UTC (RELENG_5_0, 5.0-RELEASE-p19)
2003-11-27 00:56:06 UTC (RELENG_4_9, 4.9-RELEASE-p1)
2003-11-27 16:34:22 UTC (RELENG_4_8, 4.8-RELEASE-p14)
2003-11-27 16:35:06 UTC (RELENG_4_7, 4.7-RELEASE-p24)
2003-11-27 16:37:00 UTC (RELENG_4_6, 4.6.2-RELEASE-p27)
2003-11-27 16:38:36 UTC (RELENG_4_5, 4.5-RELEASE-p37)
2003-11-27 16:40:03 UTC (RELENG_4_4, 4.4-RELEASE-p47)
CVE Name: CAN-2003-0914
FreeBSD only: NO For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 02, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 | Guardian Digital Security Advisory November 26, 2003 |
| http://www.guardiandigital.com ESA-20031126-031 | | Packages: bind-chroot, bind-chroot-utils |
| Summary: cache poisoning vulnerability. EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats. OVERVIEW A cache poisoning vulnerability exists in the version of BIND shipped
with all versions of EnGarde Secure Linux. Successful exploitation of
this vulnerability may result in a temporary denial of service until
the bad record expires from the cache. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0914 to this issue. Guardian Digital products affected by this issue include: EnGarde Secure Community v1.0.1
EnGarde Secure Community 2
EnGarde Secure Professional v1.1
EnGarde Secure Professional v1.2
EnGarde Secure Professional v1.5 It is recommended that all users apply this update as soon as possible. SOLUTION Guardian Digital Secure Network subscribers may automatically update
affected systems by accessing their account from within the Guardian
Digital WebTool. To modify your GDSN account and contact preferences, please go to: https://www.guardiandigital.com/account/ Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages: SRPMS/bind-chroot-8.2.6-1.0.30.src.rpm
MD5 Sum: 6127e55aaeffe9c92dcf793df910ee75 i386/bind-chroot-8.2.6-1.0.30.i386.rpm
MD5 Sum: b631c88d82dc4883df2271204d50abc3 i386/bind-chroot-utils-8.2.6-1.0.30.i386.rpm
MD5 Sum: eaac0812f751998c7f5ad66f7ba9d9d4 i686/bind-chroot-8.2.6-1.0.30.i686.rpm
MD5 Sum: 4b5ced2b8f72d9df3a340833ef0a60c0 i686/bind-chroot-utils-8.2.6-1.0.30.i686.rpm
MD5 Sum: 21f203bb6fad4a5474b179337c395442 REFERENCES Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY BIND's Official Web Site: http://www.isc.org/products/BIND/ Guardian Digital Advisories: http://infocenter.guardiandigital.com/advisories/ Security Contact: security@guardiandigital.com Author: Ryan W. Maple
Notified: October 21, 2003 Updated: December 03, 2003
Affected
Document ID: HPSBUX0311-303
Date Loaded: 20031130
Title: SSRT3653 Bind 8.1.2 -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0311-303
Originally issued: 30 November 2003
SSRT3653 Bind 8.1.2 NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact. The information in the following Security Bulletin should be
acted upon as soon as possible. Hewlett-Packard Company will
not be liable for any consequences to any customer resulting
from customer's failure to fully implement instructions in this
Security Bulletin as soon as possible. PROBLEM: Potential security vulnerability in Bind 8.1.2. PLATFORM: HP-UX B.11.00 and B.11.11. IMPACT: Potential remotely exploitable denial of service. SOLUTION: Until a product upgrade is available, download and
install appropriate preliminary updates or upgrade
to Bind 9.2.0. B.11.11 - Install the preliminary depot: SSRT3653UX.depot. B.11.00 - A Bind 8.1.2 upgrade is available from
the ftp site listed below. The issue can be avoided by upgrading to
Bind 9.2.0 which is available now. The security
bulletin HPSBUX0208-209 has details about required
revisions of Bind 9.2.0 for B.11.00 and B.11.11. MANUAL ACTIONS: Yes - NonUpdate
B.11.11 - Install SSRT3653UX.depot. or upgrade to Bind 9.2.0. B.11.00 - Upgrade to Bind 9.2.0 or
install BIND812v005.depot. AVAILABILITY: This bulletin will be revised when a patch
is available for B.11.11. A. Background
The potential for a remotely exploitable denial of service
exists in Bind 8.1.2. AFFECTED VERSIONS The following is a list by HP-UX revision of
affected filesets and the fileset revision or
patch containing the fix. To determine if a
system has an affected version, search the
output of "swlist -a revision -l fileset"
for an affected fileset, then determine if
a fixed revision or the applicable patch is
installed. HP-UX B.11.11 InternetSrvcs.INETSVCS-RUN
fix: install SSRT3653UX.depot or
upgrade to Bind 9.2.0. HP-UX B.11.00 BINDv812.INETSVCS-BIND
fix: upgrade to BIND-812 revision B.11.00.01.005 or
upgrade to Bind 9.2.0. END AFFECTED VERSIONS B. Recommended solution Note: The issue can be avoided by upgrading to
Bind 9.2.0 which is available now. The security
bulletin HPSBUX0208-209 has details about required
revisions of Bind 9.2.0 for B.11.00 and B.11.11. HP-UX B.11.00 Bind 8.1.2 BIND812 for B.11.00 has been discontinued. It will
become obsolete by the end of March, 2004. A new
version of BIND812 for B.11.00 has been created to
address the issue of this bulletin. However, it is
recommended that customers upgrade to Bind 9.2.0 now. More details can be found here:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 25, 2003
Not Affected
Hitachi HI-UX/WE2 is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 03, 2003
Affected
The AIX operating system is vulnerable to the BIND8 cache poisoning attack in releases 4.3.3, 5.1.0 and 5.2.0 . The APAR's for this fix and their availablity are listed below. APAR number for AIX 4.3.3: IY49899 (available 2/25/2004) APAR number for AIX 5.1.0: IY49881 (available) APAR number for AIX 5.2.0: IY49883 (available 12/24/2003) These APARs can be downloaded by following the link for IBM's Fix Central at: http://www-1.ibm.com/servers/eserver/support/eseries/fixes Efix packages for 4.3.3 and 5.2.0 will be available by 12/02/2004 at: ftp://aix.software.ibm.com/aix/efixes/security/dns_poison_efix.tar.Z
The vendor has not provided us with any further information regarding this vulnerability.
IBM has published APAR IY49881 regarding this vulnerability. For more information, please see: http://www-1.ibm.com/support/docview.wss?uid=isg1IY49881
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
IBM eServer Platform Response For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be referred to servsec@us.ibm.com.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: December 01, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
[Outlook and Notes users -- please ask your system administrators to
assist you in creating out-of-office-autoreplies that respect public
mail lists; perhaps, creating such a reply that works only within the
organization or business partners.] [Virus scanner administrators -- sending virus warnings to a From: or
From_ header is a waste of time. Please configure your scanners to drop
mail in the SMTP protocol, and not bounce the email after the fact. Thanks.] Immunix Secured OS Security Advisory Packages updated: bind
Affected products: Immunix OS 7+
Bugs fixed: VU#734644 CAN-2003-0914
Date: Mon Oct 27 2003
Advisory ID: IMNX-2003-7+-024-01
Author: Seth Arnold
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 04, 2003 Updated: December 01, 2003
Affected
Internet Software Consortium Security Advisory. Negative Cache Poison Attack
4 September 2003 Versions affected: BIND 8 prior to 8.3.7
BIND 8.4.3 Release (8.4.3-REL) BIND 8.4.3 is a maintenance release of BIND 8.4. It includes the BIND 8.4.2
release which includes a security fix (also released as BIND 8.3.7). Highlights. Maintenance Release. Highlights (8.4.2)
Security Fix: Negative Cache Poison Fix. the distribution files are: ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz
Ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz the pgp signature files are: ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz.asc the md5 checksums are: MD5 (bind-contrib.tar.gz) = 454f8e3caf1610941a656fcc17e1ecec
MD5 (bind-contrib.tar.gz.asc) = f8f0a5b8985a8180e5bd02207f319980
MD5 (bind-doc.tar.gz) = fcfdaaa2fc7d6485b0e3d08299948bd3
MD5 (bind-doc.tar.gz.asc) = fc0671468c2e3a1e5ff817b69da21a6b
MD5 (bind-src.tar.gz) = e78610fc1663cfe8c2db6a2d132d902b
MD5 (bind-src.tar.gz.asc) = 40453b40819fd940ad4bfabd26425619 Windows NT / Windows 2000 binary distribution. ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1st.txt
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip.asc ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1sttools.txt
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip.asc the md5 checksums are: MD5 (readme1st.txt) = ac4ce260f151dc1ab393c145f4288bba
MD5 (BIND8.4.3.zip) = 7c3e333f90edbe3820952a62ff6ffdf3
MD5 (BIND8.4.3.zip.asc) = f2190cc390ce584c0cc624835bdcc8eb MD5 (readme1sttools.txt) = eef4c5782be1a1faac3ca0c756eaef05
MD5 (BIND8.4.3Tools.zip) = 8cb29c092394dfa430ef9ea47b6a02ea
MD5 (BIND8.4.3Tools.zip.asc) = a77b2adb1f23db780f45efee32a92882 top of CHANGES says: --- 8.4.3 released --- (Mon Nov 24 17:27:52 PST 2003) 1617. [cleanup] don't pre-fetch missing additional address records if
we have one of A/AAAA. 1616. [func] turn on "preferred-glue A;" (if not specified in
named.conf) if the answer space is a standard UDP
message size or smaller. 1615. [func] when query logging log whether TSIG (T) and/or EDNS (E)
was used to make the query. 1614. [cleanup] on dual (IPv4+IPv6) stack servers delay the lookup of
missing glue if we have glue for one family. 1613. [cleanup] notify: don't lookup A/AAAA records for nameservers
if we don't support the address at the transport level. 1612. [func] named now takes arguements -4 and -6 to limit the
IP transport used for making queries. 1611. [debug] better packet tracing in debug output (+ some lint). 1610. [bug] don't explictly declare errno use
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 03, 2003
Not Affected
No Juniper Networks products contain this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Not Affected
No MandrakeSoft products are affected by this as we ship BIND9 in all of our products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Affected
NetBSD (1.6, 1.6.1 and current) is shipping with vulnerable version of BIND 8. We will upgrade to either 8.3.7 or 8.4.2 as soon as ISC releases the info to the public. Or, users might want to use BIND 9 from pkgsrc.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 20, 2003
Affected
The current versions of Nixu NameSurfer are not affected by this issue as they ship with BIND 9.2.2. However, as NameSurfer Suite and NameSurfer Standard Edition also support all the earlier versions of BIND, Nixu recommends that all organizations operating an existing Nixu NameSurfer installation upgrade their visible nameservers to BIND versions 9.2.1 or newer; BIND9 is compatible with NameSurfer versions 3.0.1 or newer.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Not Affected
Nominum products are not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: November 17, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Not Affected
Red Hat ships Bind 9 in all our supported distributions and therefore we are not affected by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Not Affected
SGI acknowledges VU#734644 reported by CERT and has determined that both SGI IRIX for MIPS systems and SGI ProPack Linux for Altix (IA64) are not vulnerable as BIND 8 does not ship with SGI IRIX or ProPack.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 01, 2003
Affected
All supported releases of Solaris (ie Solaris 7, 8 and 9) are affected by this issue. We have published a Sun Alert which is available from: http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/57434 It describes a possible workaround that can be used until official patches are released. Supported Cobalt platforms and Sun Linux 5.0 are also affected. A Sun Alert will be published and will be available from: http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 01, 2003
Affected
-----BEGIN PGP SIGNED MESSAGE----- SUSE Security Announcement Package: bind8
Announcement-ID: SuSE-SA:2003:047
Date: Friday, Nov 28th 2003 15:30 MEST
Affected products: 7.3, 8.0, 8.1, 8.2
Vulnerability Type: cache poisoning/denial-of-service
Severity (1-10): 5
SUSE default package: yes
Cross References: CAN-2003-0914 Content of this advisory: 1) security vulnerability resolved: - caching negative answers
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds: - ethereal
- KDE
- mc
- apache1/2
- gpg
- freeradius
- xscreensaver
- screen
- mod_gzip
- gnpan
3) standard appendix (further information) 1) problem description, brief discussion, solution, upgrade information To resolve IP addresses to host and domain names and vice versa the
DNS service needs to be consulted. The most popular DNS software is
the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote
denial-of-service attack by poisoning the cache with authoritative
negative responses that should not be accepted otherwise. To execute this attack a name-server needs to be under malicious
control and the victim's bind8 has to query this name-server. The attacker can set a high TTL value to keep his negative record as
long as possible in the cache of the victim. For this time the clients
of the attacked site that rely on the bind8 service will not be able
to reach the domain specified in the negative record. These records should disappear after the time-interval (TTL) elapsed. There is no temporary workaround for this bug. To make this update effective run "rcnamed restart" as root please. Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update. Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web. Intel i386 Platform: SuSE-8.2: ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.rpm
3d44d46f0e8397c69d53e96aba9fbd6d
patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.patch.rpm
cce1df09a0b6fb5cbbddcc462f055c64
source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/bind8-8.3.4-64.src.rpm
a980a0eca79de02f135fce1cbe84ee22 SuSE-8.1: ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.rpm
4a46d0560eac1ca5de77c12f8abe4952
patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.patch.rpm
c8020302f6f161e9d86a3f1615304a23
source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/bind8-8.2.4-336.src.rpm
c9ee184cbd1f1722c94de9fd66f11801 SuSE-8.0: ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.rpm
f739fdb03a7df6685e0aa026f98a0389
patch rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.patch.rpm
a3de26e06b689d29b4b4b08c04fa32f4
source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/bind8-8.2.4-334.src.rpm
85d8d9fee3c8a029263777a45b4af011 SuSE-7.3: ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-8.2.4-334.i386.rpm
381c2b6f805ca30d0fefc98afaee9ba0
source rpm(s): ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/bind8-8.2.4-334.src.rpm
97a87469cfb573bdd89f8f3a2c02264f Sparc Platform: SuSE-7.3: ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-8.2.4-128.sparc.rpm
c08454b933ed2365d9d2ab1322803af6
source rpm(s): ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/bind8-8.2.4-128.src.rpm
827a7f56273c7a25ac40ffba728e9150 PPC Power PC Platform: SuSE-7.3: ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-8.2.4-243.ppc.rpm
12f1f205c08449e945c8ad344a8e3b41
source rpm(s): ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/bind8-8.2.4-243.src.rpm
177093e76b3b8d2679089a1ab1c46d0e 2) Pending vulnerabilities in SUSE Distributions and Workarounds: - ethereal
A new official version of ethereal, a network traffic analyzer, was
released to fix various security-related problems. An update package is currently being tested and will be released
as soon as possible. - KDE
New KDE packages are currently being tested. These packages fixes
several vulnerabilities: + remote root compromise (CAN-2003-0690)
+ weak cookies (CAN-2003-0692)
+ SSL man-in-the-middle attack
+ information leak through HTML-referrer (CAN-2003-0459)
+ wrong file permissions of config files
The packages will be release as soon as testing is finished. - mc
By using a special combination of links in archive-files it is possible
to execute arbitrary commands while mc tries to open it in its VFS. The packages are currently tested and will be release as soon as
possible. - apache1/2
The widely used HTTP server apache has several security vulnerabilities: - locally exploitable buffer overflow in the regular expression code. The attacker must be able to modify .htaccess or httpd.conf. (affects: mod_alias and mod_rewrite) - under some circumstances mod_cgid will output its data to the
wrong client (affects: apache2)
The new packages are available on our FTP servers. - gpg
In GnuPG version 1.0.2 a new code for ElGamal was introduced. This code leads to an attack on users who use ElGamal keys for
signing. It is possible to reconstruct the private ElGamal key
by analyzing a public ElGamal signature. Please note that the ElGamal algorithm is seldomly used and GnuPG
displays several warnings when generating ElGamal signature keys. The default key generation process in GnuPG will create a DSA signature
key and an ElGamal subkey for _encryption only_. These keys are not
affected by this vulnerability. Anyone using ElGamal signature keys (type 20, check fourth field of
"gpg --list-keys --with-colon" output) should revoke them. - freeradius
Two vulnerabilities were found in the FreeRADIUS package. The remote denial-of-service attack bug was fixed and new packages
will be released as soon as testing was successfully finished. The other bug is a remote buffer overflow in the module rlm_smb. We do not ship this module and will fix it for future releases. - xscreensaver
The well known screen-saver for X is vulnerable to several local
tmp file attacks as well as a crash when verifying a password. Only SuSE Linux 9.0 products are affected. The new packages are available on our FTP servers. - screen
A buffer overflow in screen was reported. Since SuSE Linux 8.0
we do not ship screen with the s-bit anymore. An update package
will be released for 7.3 as soon as possible. - mod_gzip
The apache module mod_gzip is vulnerable to remote code execution
while running in debug-mode. We do not ship this module in debug-mode
but future versions will include the fix. - gnpan
A remote denial-of-service attack can be run against the GNOME
news-reader program gnpan. This bug affects SuSE Linux 8.0, 8.1, 8.2. Update packages are available on our FTP servers. 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command
md5sum
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: December 03, 2003
Affected
UnixWare 7.1.3: Unaffected current version of bind is 9.2.1. Open UNIX 8.0.0 (aka UnixWare 7.1.2) Unaffected current version of bind is 9.2.0. UnixWare 7.1.1: Affected. Fix will be at ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33 OpenServer: fix in-progress OpenLinux: also fix in-progress
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: UnixWare 7.1.1 : Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2 Advisory number: CSSA-2003-SCO.33 Issue date: 2003 December 01 Cross reference: sr886768 fz528464 erg712479 CAN-2003-0914 1. Problem Description UnixWare 7.1.3 is unaffected by this issue because the version of bind included in UnixWare 7.1.3 is 9.2.1. Open UNIX is also unaffected by this issue because the version of bind in Open UNIX 8.0.0 is 9.1.0. CERT/CC Incident Note VU#734644 BIND is an implementation of the Domain Name System (DNS) protocols. Successful exploitation of this vulnerability may result in a temporary denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0914 to this issue. 2. Vulnerable Supported Versions System Binaries UnixWare 7.1.1 /usr/sbin/addr /usr/sbin/dig /usr/sbin/dnskeygen /usr/sbin/dnsquery /usr/sbin/host /usr/sbin/in.named /usr/sbin/irpd /usr/sbin/mkservdb /usr/sbin/named-bootconf /usr/sbin/named-bootconf.pl /usr/sbin/named-xfer /usr/sbin/ndc /usr/sbin/nslookup /usr/sbin/nsupdate 3. Solution The proper solution is to install the latest packages. 4. UnixWare 7.1.1 4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33 4.2 Verification MD5 (erg712479.Z) = c1faea2a6a1da952e88c5123f88a2f89 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: Unknown installation method 5. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr886768 fz528464 erg712479. 6. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5) iD8DBQE/y8gZaqoBO7ipriERAkRQAKCQ+f4Q5Etfz8L83tr/vGGRzI1kYQCgl/hK g7YQSKd9TDnf59KkuFTbrBQ= =XyVk -----END PGP SIGNATURE-----
Updated: December 01, 2003
Affected
Please see http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Trustix Secure Linux Security Advisory #2003-0044 Package name: bind
Summary: negative cache sec. fix
Date: 2003-11-27
Affected versions: TSL 1.2, 1.5 Package description: BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain
Name System) protocols. BIND includes a DNS server (named), which resolves
host names to IP addresses, and a resolver library (routines for applications
to use when interfacing with DNS). A DNS server allows clients to name
resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server,
but is generally only needed on one machine for an entire network. Note that
the configuration files for making BIND act as a simple caching nameserver
are included in the caching-nameserver package.Install the bind package if
you need a DNS server for your network. If you want bind to act a caching
name server, you will also need to install the caching-nameserver package. Problem description: According the the bind announcment dated Thu, 27 Nov 2003, the new upstream
bind 8.3.7 fixes a security problem: Security Fix: Negative Cache Poison Fix. This issue has been addressed in these updates. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system. Location: All TSL updates are available from
Notified: October 21, 2003 Updated: October 21, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 21, 2003 Updated: November 17, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.