Login
Newsletter
Werbung

Sicherheit: Pufferüberläufe in BIND
Aktuelle Meldungen Distributionen
Name: Pufferüberläufe in BIND
ID: CSSA-2001-008.1
Distribution: Caldera
Plattformen: Caldera eDesktop 2.4, Caldera eBuilder, Caldera eServer 2.3.1, Caldera 2.3
Datum: Mi, 31. Januar 2001, 12:00
Referenzen: Keine Angabe
Applikationen: BIND

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
Caldera Systems, Inc. Security Advisory

Subject: BIND buffer overflow
Advisory number: CSSA-2001-008.1
Issue date: 2001 January, 29
Last change: 2001 January, 31
Cross reference:
______________________________________________________________________________


1. Problem Description

Several security problems have been discovered in the most recent
versions of BINDv8 (8.2.2p7). One of them is a buffer overflow that
can potentially exploited to execute arbitrary code with the privilege
of the bind user.

If you do not run the BIND named server, you are not affected
by this problem.

2. Vulnerable Versions

System Package
-----------------------------------------------------------
OpenLinux 2.3 All packages previous to
bind-8.2.3

OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder bind-8.2.3

OpenLinux eDesktop 2.4 All packages previous to
bind-8.2.3

3. Solution

Workaround

none

The proper solution is to upgrade to the latest packages.

As a matter of caution, we also suggest that you run the name
server process under a non-root user ID. In case of future
security holes in bind, this makes sure that remote attackers
do not immediately obtain root access.

Be warned however that when running the name server process
under a non-root uid it loses the ability to automatically
re-bind itself when you change the address of a network
interface, or create a new one. If you do that, you need
to manually restart named in this case.

On eDesktop 2.4, named already runs under the "bind" account by
default; this is not the case on OpenLinux 2.3 and eServer 2.3.1,
however.

Here's what to do:

a. Create a new user and group named `bind'.
Pick an unused user and group ID (on a normal OpenLinux
installation, uid and gid 19 should be available).
Run the following commands as super user, replacing
<uid> and <gid> by the user and group IDs you selected:

# groupadd -g <gid> bind
# useradd -u <uid> -g <gid> -d / -s /bin/false bind

b. Change the ownership of /var/named to bind.bind:

# chown -R bind.bind /var/named

c. Edit /etc/sysconfig/daemons/named. Replace the line

OPTIONS=""

with

OPTIONS="-u bind"

This makes sure that the name server process relinquishes
root privilege after initialization.

d. Stop and restart your name server:

# /etc/rc.d/init.d/named stop
# /etc/rc.d/init.d/named start

Note that simply issuing /etc/rc.d/init.d/named restart
will not be enough!

4. OpenLinux 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

01f9c6b514ab5aa70c3fe200c0c97243 RPMS/bind-8.2.3-1.i386.rpm
89ed56545ee05e8adf81775b2754afd0 RPMS/bind-doc-8.2.3-1.i386.rpm
41b9707056286325f4da4f45c0547b27 RPMS/bind-utils-8.2.3-1.i386.rpm
9ae6f304f9dd7a63aa291ed143fa4035 SRPMS/bind-8.2.3-1.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fhv bind-*i386.rpm
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start

5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

acd707632ae0e33432b5d37862265517 RPMS/bind-8.2.3-1.i386.rpm
679d55e150b0bc8de0828db076e8594b RPMS/bind-doc-8.2.3-1.i386.rpm
a2b1b9764e884f4b1ed2b77e222a6755 RPMS/bind-utils-8.2.3-1.i386.rpm
9ae6f304f9dd7a63aa291ed143fa4035 SRPMS/bind-8.2.3-1.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh bind-*i386.rpm
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

f454346c9bf531d6e9aa014d2be93e99 RPMS/bind-8.2.3-1.i386.rpm
33a4e0f2ff622ea60e920c189b48af00 RPMS/bind-doc-8.2.3-1.i386.rpm
a786125567471a7bd42544e104977d15 RPMS/bind-utils-8.2.3-1.i386.rpm
9ae6f304f9dd7a63aa291ed143fa4035 SRPMS/bind-8.2.3-1.src.rpm

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -Fvh bind-*i386.rpm
/etc/rc.d/init.d/named stop
/etc/rc.d/init.d/named start

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

Additional information on this bug can be found at

http://www.cert.org/advisories/CA-2001-02.html

This security fix closes Caldera's internal Problem Report 8942.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6d+3l18sy83A/qfwRAjDSAJ9t7R8OiGb95t+DEsHUAW628jt7SgCeK1uB
5bK+TyAtICtvl/D84AnCz40=
=RkYp
-----END PGP SIGNATURE-----
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung